Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-18784
SuiteCRM 7.10.x versions before 7.10.21 and 7.11.x versions before 7.11.9 allow SQL Injection.
Salesagility Suitecrm
9.1
CVSSv3
CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
5.4
CVSSv3
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
8.1
CVSSv3
CVE-2015-5948
Race condition in SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
Salesagility Suitecrm
5.3
CVSSv3
CVE-2021-41595
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
Salesagility Suitecrm
5.3
CVSSv3
CVE-2019-16922
SuiteCRM 7.10.x prior to 7.10.20 and 7.11.x prior to 7.11.8 allows unintended public exposure of files.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2021-41869
SuiteCRM 7.10.x prior to 7.10.33 and 7.11.x prior to 7.11.22 is vulnerable to privilege escalation.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x prior to 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
Salesagility Suitecrm
8.8
CVSSv3
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
8.8
CVSSv3
CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core before 8.3.1.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »