Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm suitecrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-12598
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 1 of 3).
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12599
SuiteCRM 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5 allows SQL Injection.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12600
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 2 of 3).
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-12601
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 3 of 3).
Salesagility Suitecrm
8.8
CVSSv3
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
5.4
CVSSv3
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated malicious users to inject arbitrary web script or HTML.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2023-1034
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm before 7.12.9.
Salesagility Suitecrm
8.1
CVSSv3
CVE-2015-5947
SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2021-42840
SuiteCRM prior to 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP fi...
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM prior to 7.10.35, and 7.11.x and 7.12.x prior to 7.12.2, allows a remote malicious user to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2...
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »