Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
668
VMScore
CVE-2020-8803
SuiteCRM up to and including 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
Salesagility Suitecrm
801
VMScore
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
668
VMScore
CVE-2019-18784
SuiteCRM 7.10.x versions before 7.10.21 and 7.11.x versions before 7.11.9 allow SQL Injection.
Salesagility Suitecrm
605
VMScore
CVE-2015-5947
SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code.
Salesagility Suitecrm
828
VMScore
CVE-2015-5948
Race condition in SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
Salesagility Suitecrm
383
VMScore
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
668
VMScore
CVE-2020-8785
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 3 of 4).
Salesagility Suitecrm
445
VMScore
CVE-2020-8787
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow for an invalid Bean ID to be submitted.
Salesagility Suitecrm
NA
CVE-2023-6388
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
Salesagility Suitecrm 7.14.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »