CVE-2023-6130
Published: 14 November 2023
Summary
CVE-2023-6130 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in SalesAgility SuiteCRM. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 44.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58385
Vulnerability details
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A path traversal vulnerability in the public-facing SuiteCRM web app enables arbitrary file read, facilitating exploitation of public-facing applications (T1190), file and directory discovery (T1083), collection of data from local system files (T1005), and access to unsecured credentials in files (T1552.001).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.