Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15300 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | |||||
| CVE-2020-14208 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | |||||
| CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | |||||
| CVE-2019-18782 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. | |||||
| CVE-2019-16922 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | |||||
| CVE-2019-14752 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. | |||||
| CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | |||||
| CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | |||||
| CVE-2019-12601 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | |||||
| CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | |||||
| CVE-2019-12599 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | |||||
| CVE-2019-12598 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | |||||
| CVE-2018-20816 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | |||||
| CVE-2018-15606 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. | |||||
| CVE-2015-5948 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. | |||||
| CVE-2015-5947 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | |||||
| CVE-2024-49774 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | N/A | 7.2 HIGH |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and check the resulted AST against blacklists. But it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-49773 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | N/A | 6.5 MEDIUM |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_post` parameter in `export` entry point can be abused to perform blind SQL injection via generateSearchWhere(). Allows for Information disclosure, including personally identifiable information. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-49772 | 1 Salesagility | 1 Suitecrm | 2024-11-13 | N/A | 8.8 HIGH |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||