Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility suitecrm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-12599
SuiteCRM 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5 allows SQL Injection.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2019-12600
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 2 of 3).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2019-13335
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
Salesagility Suitecrm
5
CVSSv2
CVE-2019-18782
SuiteCRM 7.10.x before 7.10.21 and 7.11.x before 7.11.9 does not correctly implement the .htaccess protection mechanism.
Salesagility Suitecrm
4.3
CVSSv2
CVE-2018-20816
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x prior to 7.8.24 and 7.10.x prior to 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack t...
Salesagility Suitecrm
4.3
CVSSv2
CVE-2021-39268
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2019-12598
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 1 of 3).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2019-12601
SuiteCRM 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5 allows SQL Injection (issue 3 of 3).
Salesagility Suitecrm
6
CVSSv2
CVE-2021-25960
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administ...
Salesagility Suitecrm
6
CVSSv2
CVE-2021-25961
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
Salesagility Suitecrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »