Latest salesagility suitecrm Vulnerabilities

CVE-2023-6388
Suite CRM v7.14.2 - SSRF
SalesAgility SuiteCRM=7.14.2
CVE-2023-47643
SuiteCRM has Unauthenticated Graphql Introspection Enabled
SalesAgility SuiteCRM=8.4.1
CVE-2023-6131
Code Injection in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-6130
Path Traversal: '\..\filename' in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-6128
Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-6127
Unrestricted Upload of File with Dangerous Type in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-6126
Code Injection in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-6125
Code Injection in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-6124
Server-Side Request Forgery (SSRF) in salesagility/suitecrm
SalesAgility SuiteCRM<7.12.14
SalesAgility SuiteCRM=7.14.0
SalesAgility SuiteCRM=7.14.1
SalesAgility SuiteCRM=8.4.0
SalesAgility SuiteCRM=8.4.1
CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
SalesAgility SuiteCRM<7.14.1
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
SalesAgility SuiteCRM<7.14.1
CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
SalesAgility SuiteCRM<7.14.1
CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
SalesAgility SuiteCRM<8.3.1
CVE-2023-3293
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
SalesAgility SuiteCRM>=8.0.0<8.0.3
CVE-2023-1034
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
SalesAgility SuiteCRM<7.12.9
CVE-2022-27474
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
SalesAgility SuiteCRM=7.11.23
CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the em...
SalesAgility SuiteCRM<7.12.5
SalesAgility SuiteCRM>=8.0<8.0.4
CVE-2022-0755
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
SalesAgility SuiteCRM<7.12.5
CVE-2021-45898
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
SalesAgility SuiteCRM<7.12.3
SalesAgility SuiteCRM>=8.0.0<8.0.2
SalesAgility SuiteCRM=8.0-beta
SalesAgility SuiteCRM=8.0-beta2
SalesAgility SuiteCRM=8.0-beta3
SalesAgility SuiteCRM=8.0-rc
CVE-2021-45899
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
SalesAgility SuiteCRM<7.12.3
SalesAgility SuiteCRM>=8.0.0<8.0.2
SalesAgility SuiteCRM=8.0-beta
SalesAgility SuiteCRM=8.0-beta2
SalesAgility SuiteCRM=8.0-beta3
SalesAgility SuiteCRM=8.0-rc
CVE-2021-45897
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
SalesAgility SuiteCRM<7.12.3
SalesAgility SuiteCRM>=8.0.0<8.0.2
SalesAgility SuiteCRM=8.0-beta
SalesAgility SuiteCRM=8.0-beta2
SalesAgility SuiteCRM=8.0-beta3
SalesAgility SuiteCRM=8.0-rc
CVE-2021-41597
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
SalesAgility SuiteCRM>=7.10.0<7.10.35
SalesAgility SuiteCRM>=7.12<7.12.2
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attac...
SalesAgility SuiteCRM<7.10.35
SalesAgility SuiteCRM>=7.11.0<7.12.2
CVE-2021-45041
SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
SalesAgility SuiteCRM<7.12.2
SalesAgility SuiteCRM=8.0-beta
SalesAgility SuiteCRM=8.0-beta2
SalesAgility SuiteCRM=8.0-beta3
SalesAgility SuiteCRM=8.0-rc
SalesAgility SuiteCRM=8.0.0
CVE-2021-42840
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker...
SalesAgility SuiteCRM<7.11.19
CVE-2021-41596
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import f...
SalesAgility SuiteCRM<7.10.33
SalesAgility SuiteCRM>=7.11.0<7.11.22
CVE-2021-41595
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionali...
SalesAgility SuiteCRM<7.10.33
SalesAgility SuiteCRM>=7.11.0<7.11.22
CVE-2021-41869
SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
SalesAgility SuiteCRM>=7.10.0<7.10.33
SalesAgility SuiteCRM>=7.11.0<7.11.22
CVE-2021-25961
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible f...
SalesAgility SuiteCRM>=7.1.7<7.10.32
SalesAgility SuiteCRM>=7.11.0<7.11.21
CVE-2021-25960
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module ...
SalesAgility SuiteCRM>=7.10.29<7.10.32
SalesAgility SuiteCRM>=7.11.18<7.11.21
CVE-2021-39268
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_...
SalesAgility SuiteCRM<7.11.19
CVE-2021-39267
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious fi...
SalesAgility SuiteCRM<7.11.19
CVE-2021-31792
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
SalesAgility SuiteCRM<7.11.19
CVE-2020-14208
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script o...
SalesAgility SuiteCRM<=7.11.13
CVE-2020-15300
SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.
SalesAgility SuiteCRM<=7.11.13
CVE-2020-15301
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template op...
SalesAgility SuiteCRM<=7.11.13
CVE-2020-28328
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to a...
SalesAgility SuiteCRM<7.11.17
CVE-2020-8787
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
SalesAgility SuiteCRM>=7.10.0<7.10.23
SalesAgility SuiteCRM>=7.11.0<7.11.11
CVE-2020-8784
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
SalesAgility SuiteCRM>=7.10.0<7.10.23
SalesAgility SuiteCRM>=7.11.0<7.11.11
CVE-2020-8786
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).
SalesAgility SuiteCRM>=7.10.0<7.10.23
SalesAgility SuiteCRM>=7.11.0<7.11.11
CVE-2020-8783
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
SalesAgility SuiteCRM>=7.10.0<7.10.23
SalesAgility SuiteCRM>=7.11.0<7.11.11
CVE-2020-8785
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
SalesAgility SuiteCRM>=7.10.0<7.10.23
SalesAgility SuiteCRM>=7.11.0<7.11.11
CVE-2020-8801
SuiteCRM through 7.11.11 allows PHAR Deserialization.
SalesAgility SuiteCRM<=7.11.11
CVE-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
SalesAgility SuiteCRM<=7.11.10
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
SalesAgility SuiteCRM<=7.11.11
CVE-2020-8802
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
SalesAgility SuiteCRM<=7.11.11
CVE-2020-8800
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
SalesAgility SuiteCRM<=7.11.11
CVE-2019-18784
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
SalesAgility SuiteCRM>=7.10.0<7.10.21
SalesAgility SuiteCRM>=7.11.0<7.11.9
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
SalesAgility SuiteCRM>=7.10.0<7.10.20
SalesAgility SuiteCRM>=7.11.0<7.11.8
CVE-2019-13335
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
SalesAgility SuiteCRM>=7.10.0<7.10.19
SalesAgility SuiteCRM>=7.11.0<7.11.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203