Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salesagility vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core before 8.3.1.
Salesagility Suitecrm
5
CVSSv2
CVE-2021-41596
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
Salesagility Suitecrm
9
CVSSv2
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
NA
CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
NA
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
NA
CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm before 7.14.1.
Salesagility Suitecrm
5
CVSSv2
CVE-2021-41595
SuiteCRM prior to 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
Salesagility Suitecrm
6.8
CVSSv2
CVE-2021-41597
SuiteCRM up to and including 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x prior to 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
Salesagility Suitecrm
4.3
CVSSv2
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x prior to 7.10.20 and 7.11.8 has XSS.
Salesagility Suitecrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »