Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-45897
SuiteCRM prior to 7.12.3 and 8.x prior to 8.0.2 allows remote code execution.
Salesagility Suitecrm 8.0
Salesagility Suitecrm
1 Github repository
4.3
CVSSv2
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
9
CVSSv2
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
5
CVSSv2
CVE-2019-18782
SuiteCRM 7.10.x before 7.10.21 and 7.11.x before 7.11.9 does not correctly implement the .htaccess protection mechanism.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8783
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 1 of 4).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8784
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 2 of 4).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8785
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 3 of 4).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8786
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 4 of 4).
Salesagility Suitecrm
5
CVSSv2
CVE-2020-8787
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow for an invalid Bean ID to be submitted.
Salesagility Suitecrm
6.5
CVSSv2
CVE-2020-8800
SuiteCRM up to and including 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Salesagility Suitecrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »