CVE-2024-1644

9.9 CRITICAL

📋 TL;DR

Suite CRM version 7.14.2 contains a Local File Inclusion (LFI) vulnerability that allows attackers to include and execute arbitrary PHP files from the local filesystem. This affects all organizations running the vulnerable Suite CRM version, potentially leading to remote code execution.

💻 Affected Systems

Products:
  • Suite CRM
Versions: 7.14.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of Suite CRM 7.14.2. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Arbitrary file reading and potential code execution through PHP file inclusion, allowing attackers to access sensitive configuration files and execute malicious code.

🟢 If Mitigated

Limited impact if proper web application firewalls and file permission controls are in place, potentially restricting file inclusion to non-sensitive areas.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

LFI vulnerabilities are commonly weaponized and have low exploitation complexity. Public advisories provide technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.14.3 or later

Vendor Advisory: https://github.com/salesagility/SuiteCRM/

Restart Required: No

Instructions:

1. Back up your Suite CRM installation and database.
2. Download the latest version from the official Suite CRM repository.
3. Replace vulnerable files with patched versions.
4. Verify functionality after the update.

🔧 Temporary Workarounds

Web Application Firewall Rules

Platform: all

Implement WAF rules to block LFI attack patterns and file inclusion attempts

File Permission Restrictions

Platform: linux

Restrict web server permissions to prevent access to sensitive PHP files

# Placeholder names: substitute the files and directory of your own installation.
chmod 644 sensitive_files.php        # owner read/write, everyone else read-only
chown root:www-data web_directory    # owned by root, group-readable by the web server account

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all file inclusion parameters
  • Deploy network segmentation to isolate the vulnerable Suite CRM instance from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Suite CRM version in admin panel or by examining the application files for version 7.14.2

Check Version:

Check Suite CRM admin dashboard or examine suitecrm_version.php file

Verify Fix Applied:

Verify version is updated to 7.14.3 or later and test LFI vectors are no longer exploitable
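The version check described above, as an added example that is not part of the original advisory or the SuiteCRM project: it reads the installation's suitecrm_version.php (the file the advisory names) and compares the version against the 7.14.3 fixed release. It assumes the file assigns the version string to a PHP variable named $suitecrm_version; that variable name is not stated on this page.

```python
from __future__ import annotations

import re
from pathlib import Path

# First release the advisory lists as fixed.
FIXED_VERSION = (7, 14, 3)

# Assumption: suitecrm_version.php assigns the version string to a PHP
# variable named $suitecrm_version; the advisory names the file, not the variable.
VERSION_RE = re.compile(r"\$suitecrm_version\s*=\s*['\"]([0-9]+(?:\.[0-9]+)*)['\"]")


def parse_version(php_source: str) -> tuple[int, ...] | None:
    """Return the version as an int tuple, or None if no assignment is found."""
    m = VERSION_RE.search(php_source)
    if m is None:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: tuple[int, ...] | None) -> bool:
    """Anything below 7.14.3 is vulnerable; an unreadable version is treated as vulnerable."""
    if version is None:
        return True
    return version < FIXED_VERSION


def assess_source(php_source: str) -> dict:
    """Assess the contents of suitecrm_version.php without touching the filesystem."""
    version = parse_version(php_source)
    return {
        "version": ".".join(map(str, version)) if version else None,
        "vulnerable": is_vulnerable(version),
    }


def assess_install(root: str | Path) -> dict:
    """Read suitecrm_version.php from an installation directory and assess it."""
    path = Path(root) / "suitecrm_version.php"
    if not path.is_file():
        return {"version": None, "vulnerable": True, "note": f"{path} not found"}
    return assess_source(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    import sys

    install_root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(assess_install(install_root))
```

Run it with the SuiteCRM web root as the argument. A missing file or an unparseable version is reported as vulnerable on purpose, so an inventory sweep never silently marks an unknown host as safe.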

📡 Detection & Monitoring

Log Indicators:

  • Unusual file inclusion patterns in web server logs
  • Requests containing ../ sequences or file inclusion parameters

Network Indicators:

  • HTTP requests with file inclusion parameters attempting directory traversal

SIEM Query:

web_access_logs | where url contains "../" or (url contains "php" and url contains "file=")
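The log indicators above, turned into detection logic that runs over sample web server log lines. This is an added example and not part of the original advisory; the log lines are constructed in combined log format and are not real traffic. It goes slightly beyond the SIEM query on the page in two ways: it percent-decodes the request repeatedly so double-encoded traversal sequences are not missed, and it looks for ".php" inside query parameter values rather than anywhere in the URL, because every normal request to index.php would otherwise match.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in combined log format; none of this is real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /index.php?module=Home&action=index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Mar/2024:12:00:02 +0000] "GET /index.php?file=../../../../etc/passwd HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.12 - - [10/Mar/2024:12:00:03 +0000] "GET /index.php?file=..%2F..%2Fconfig.php HTTP/1.1" 200 930 "-" "python-requests/2.31"
203.0.113.13 - - [10/Mar/2024:12:00:04 +0000] "GET /index.php?page=%252e%252e%252finclude%252ftest.php HTTP/1.1" 200 930 "-" "-"
203.0.113.14 - - [10/Mar/2024:12:00:05 +0000] "GET /index.php?theme=SuiteP&template=dashboard.tpl HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# Combined log format: client ip, identd, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"\.\.(/|\\)")
MAX_DECODE_ROUNDS = 3


def fully_decode(s: str) -> str:
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e) is not missed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify_request(target: str) -> list[str]:
    """Return the reasons a request target looks like a file-inclusion attempt."""
    reasons = []
    decoded = fully_decode(target)
    if TRAVERSAL_RE.search(decoded):
        reasons.append("directory traversal sequence")
    query = urlsplit(decoded).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # ".php" inside a parameter value is the signal; the script path itself
        # (index.php) contains "php" on every legitimate request.
        if ".php" in value.lower():
            reasons.append(f"php file referenced in parameter {name!r}")
            break
    return reasons


def scan_log(text: str) -> list[dict]:
    """Parse combined-format lines and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line: skip rather than abort the scan
        reasons = classify_request(m["target"])
        if reasons:
            findings.append({
                "ip": m["ip"],
                "target": m["target"],
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ip"], finding["status"], finding["target"], "->", "; ".join(finding["reasons"]))
```

Feed it a real access log in place of SAMPLE_LOG. The status code is carried through in each finding because a 200 on a traversal request is a stronger signal than a 404, and that is the first thing an analyst will want to sort on.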
