Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
suitecrm suitecrm vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-23940
SuiteCRM up to and including 7.12.1 and 8.x up to and including 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, the...
Salesagility Suitecrm
1 Github repository
6.1
CVSSv3
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allo...
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-39268
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM prior to 7.11.19 allows a remote malicious user to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.
Salesagility Suitecrm
8.1
CVSSv3
CVE-2015-5948
Race condition in SuiteCRM prior to 7.2.3 allows remote malicious users to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2019-13335
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2020-15300
SuiteCRM up to and including 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
Salesagility Suitecrm
7.8
CVSSv3
CVE-2020-15301
SuiteCRM up to and including 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Salesagility Suitecrm
6.1
CVSSv3
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM prior to 7.10.35, and 7.11.x and 7.12.x prior to 7.12.2, allows a remote malicious user to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2...
Salesagility Suitecrm
8.8
CVSSv3
CVE-2020-28328
SuiteCRM prior to 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Salesagility Suitecrm
1 Github repository
4.3
CVSSv3
CVE-2022-0755
Missing Authorization in GitHub repository salesagility/suitecrm before 7.12.5.
Salesagility Suitecrm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »