Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm suitecrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-8785
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 3 of 4).
Salesagility Suitecrm
9.8
CVSSv3
CVE-2020-8786
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 4 of 4).
Salesagility Suitecrm
7.5
CVSSv3
CVE-2020-8787
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow for an invalid Bean ID to be submitted.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2020-8800
SuiteCRM up to and including 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Salesagility Suitecrm
7.2
CVSSv3
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2020-8803
SuiteCRM up to and including 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39268
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2020-15300
SuiteCRM up to and including 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »