Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

suitecrm vulnerabilities and exploits

(subscribe to this query)

6.8
CVSSv2
CVE-2015-5947
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code....
6.5
CVSSv2
CVE-2020-8801
SuiteCRM through 7.11.11 allows PHAR Deserialization....
4.3
CVSSv2
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS....
6.5
CVSSv2
CVE-2020-8800
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection....
7.5
CVSSv2
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list....
7.5
CVSSv2
CVE-2020-8802
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation....
7.5
CVSSv2
CVE-2019-18784
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection....
4
CVSSv2
CVE-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module....
7.5
CVSSv2
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation....
3.5
CVSSv2
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-28482CVE-2021-3402localCVE-2021-1079CVE-2021-29596CVE-2021-29551privilege escalationbypassCVE-2021-29546
Vulnerability Notification Service
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook