Vulmon Recent Vulnerabilities Trends Blog About Contact

suitecrm vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2019-18785
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials....
5
CVSSv2
CVE-2019-18782
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism....
7.5
CVSSv2
CVE-2020-8784
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4)....
7.5
CVSSv2
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list....
7.5
CVSSv2
CVE-2019-18784
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection....
6.8
CVSSv2
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation....
9.3
CVSSv2
CVE-2015-5948
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947....
4.3
CVSSv2
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS....
4
CVSSv2
CVE-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module....
7.5
CVSSv2
CVE-2020-8783
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4)....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-25175template injectionspoofCVE-2021-21251physicalCVE-2020-28482CVE-2021-1682CVE-2021-0208CVE-2021-3113