Published: 13/02/2020 Updated: 19/02/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SuiteCRM up to and including 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Mailing Lists

SuiteCRM versions 71111 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks ...
------------------------------------------------------------------------------ ------------------------------------------------------------------------------ [-] Software Link: suitecrmcom/ [-] Affected Versions: Version 71111 and prior versions [-] Vulnerability Description: or any other administrative action which does not ...