Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility suitecrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-13335
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2020-15300
SuiteCRM up to and including 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
Salesagility Suitecrm
8
CVSSv3
CVE-2021-25960
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administ...
Salesagility Suitecrm
8
CVSSv3
CVE-2021-25961
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12599
SuiteCRM 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5 allows SQL Injection.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12600
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 2 of 3).
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
6.5
CVSSv3
CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
5.3
CVSSv3
CVE-2021-41595
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2021-41597
SuiteCRM up to and including 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »