Filtered by vendor Salesagility
Total: 78 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-14454 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. |
CVE-2020-8804 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. |
CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SalesAgility SuiteCRM 7.10.x before 7.10.19 and 7.11.x before 7.11.7 has SSRF. |
CVE-2019-16922 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. |
CVE-2020-8801 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH | SuiteCRM through 7.11.11 allows PHAR Deserialization. |
CVE-2020-8803 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. |
CVE-2020-8802 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. |
CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. |
CVE-2019-14752 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. |
CVE-2019-12601 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). |
CVE-2018-20816 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. |
CVE-2019-12598 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). |
CVE-2019-12599 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. |
CVE-2019-12600 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). |
CVE-2019-6506 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. |
CVE-2018-15606 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. |
CVE-2015-5948 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 9.3 HIGH | 8.1 HIGH | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. |
CVE-2015-5947 | 1 Salesagility | 1 Suitecrm | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. |