Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-45897
SuiteCRM prior to 7.12.3 and 8.x prior to 8.0.2 allows remote code execution.
Salesagility Suitecrm
Salesagility Suitecrm 8.0
1 Github repository
668
VMScore
CVE-2020-8786
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 4 of 4).
Salesagility Suitecrm
578
VMScore
CVE-2020-8800
SuiteCRM up to and including 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Salesagility Suitecrm
668
VMScore
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
445
VMScore
CVE-2021-41596
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
Salesagility Suitecrm
605
VMScore
CVE-2021-41597
SuiteCRM up to and including 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
Salesagility Suitecrm
801
VMScore
CVE-2021-42840
SuiteCRM prior to 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP fi...
Salesagility Suitecrm
356
VMScore
CVE-2022-0755
Missing Authorization in GitHub repository salesagility/suitecrm before 7.12.5.
Salesagility Suitecrm
668
VMScore
CVE-2019-13335
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
Salesagility Suitecrm
383
VMScore
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »