CVE-2023-6126: Code Injection in salesagility/suitecrm
First published: Tue Nov 14 2023(Updated: )
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | <7.12.14 | |
| SugarCRM | =7.14.0 | |
| SugarCRM | =7.14.1 | |
| SugarCRM | =8.4.0 | |
| SugarCRM | =8.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-6126?
CVE-2023-6126 is a Code Injection vulnerability in the salesagility/suitecrm GitHub repository.
What is the severity of CVE-2023-6126?
CVE-2023-6126 has a severity rating of 9.8 (critical).
Which versions of SalesAgility SuiteCRM are affected by CVE-2023-6126?
SalesAgility SuiteCRM versions prior to 7.14.2, 7.12.14, and 8.4.2 are affected by CVE-2023-6126.
How can I fix the Code Injection vulnerability in SalesAgility SuiteCRM?
To fix the Code Injection vulnerability in SalesAgility SuiteCRM, it is recommended to upgrade to version 7.14.2, 7.12.14, or 8.4.2.
Where can I find more information about CVE-2023-6126?
You can find more information about CVE-2023-6126 at the following references: [1](https://huntr.com/bounties/e22a9be3-3273-42cb-bfcc-c67a1025684e), [2](https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9)
- agent/references
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/author
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/salesagility
- canonical/sugarcrm
- version/sugarcrm/7.14.0
- version/sugarcrm/7.14.1
- version/sugarcrm/8.4.0
- version/sugarcrm/8.4.1