Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility suitecrm vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-12599
SuiteCRM 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5 allows SQL Injection.
Salesagility Suitecrm
668
VMScore
CVE-2020-8783
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 1 of 4).
Salesagility Suitecrm
668
VMScore
CVE-2020-8786
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 4 of 4).
Salesagility Suitecrm
801
VMScore
CVE-2021-42840
SuiteCRM prior to 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP fi...
Salesagility Suitecrm
578
VMScore
CVE-2022-23940
SuiteCRM up to and including 7.12.1 and 8.x up to and including 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, the...
Salesagility Suitecrm
1 Github repository
605
VMScore
CVE-2020-15301
SuiteCRM up to and including 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Salesagility Suitecrm
605
VMScore
CVE-2015-5947
SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code.
Salesagility Suitecrm
668
VMScore
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x prior to 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
Salesagility Suitecrm
383
VMScore
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM prior to 7.10.35, and 7.11.x and 7.12.x prior to 7.12.2, allows a remote malicious user to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2...
Salesagility Suitecrm
578
VMScore
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »