SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
Published February 13, 2020.
Salesagility Suitecrm
