CVE-2021-41597: CSRF
First published: Wed Jan 12 2022(Updated: )
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SalesAgility SuiteCRM | >=7.10.0<7.10.35 | |
| SalesAgility SuiteCRM | >=7.12<7.12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SuiteCRM vulnerability?
The vulnerability ID for this SuiteCRM vulnerability is CVE-2021-41597.
What is the severity of CVE-2021-41597?
The severity of CVE-2021-41597 is high.
What is the affected software for CVE-2021-41597?
The affected software for CVE-2021-41597 is SuiteCRM versions 7.10.0 to 7.10.35 and 7.12.0 to 7.12.2.
How can CVE-2021-41597 be exploited?
CVE-2021-41597 can be exploited through CSRF, leading to remote code execution via the UpgradeWizard functionality if a PHP file is included in a ZIP archive.
What is the official reference for CVE-2021-41597?
The official reference for CVE-2021-41597 can be found at https://docs.suitecrm.com/admin/releases/ and https://github.com/ach-ing/cves/blob/main/CVE-2021-41597.md.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/salesagility
- canonical/salesagility suitecrm
- version/salesagility suitecrm/7.10.0
- version/salesagility suitecrm/7.12