Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-15301
SuiteCRM up to and including 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8783
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 1 of 4).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8784
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 2 of 4).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8785
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 3 of 4).
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8786
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow SQL Injection (issue 4 of 4).
Salesagility Suitecrm
5
CVSSv2
CVE-2020-8787
SuiteCRM 7.10.x versions before 7.10.23 and 7.11.x versions before 7.11.11 allow for an invalid Bean ID to be submitted.
Salesagility Suitecrm
5.8
CVSSv2
CVE-2020-15300
SuiteCRM up to and including 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
Salesagility Suitecrm
6.5
CVSSv2
CVE-2022-23940
SuiteCRM up to and including 7.12.1 and 8.x up to and including 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, the...
Salesagility Suitecrm
1 Github repository
4
CVSSv2
CVE-2022-0754
SQL Injection in GitHub repository salesagility/suitecrm before 7.12.5.
Salesagility Suitecrm
7.5
CVSSv2
CVE-2020-8802
SuiteCRM up to and including 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Salesagility Suitecrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »