Lucene search
China National Vulnerability DatabaseCNVD-2022-05432HistoryJan 16, 2022 - 12:00 a.m.
SuiteCRM Cross-Site Request Forgery Vulnerability
2022-01-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.005 Low
EPSS
Percentile
76.8%
SuiteCRM is a customer relationship management system from the SuiteCRM (Suitecrm) team.SuiteCRM has a cross-site request forgery vulnerability in versions prior to 7.11.21, which stems from the software’s lack of token validation for cross-site request forgery. If the ZIP archive file contains PHP files, remote code can be executed via the UpgradeWizard function. No detailed vulnerability details are currently available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| SuiteCRM SuiteCRM >=7.10.0, | lt | 7.10.35 | |
| SuiteCRM SuiteCRM >=7.12, | lt | 7.12.2 |
Related
cvelist
cvelist
CVE-2021-41597
2022-01-12 19:17:05
cve
cve
CVE-2021-41597
2022-01-12 20:15:08
nvd
nvd
CVE-2021-41597
2022-01-12 20:15:08
prion
prion
Cross site request forgery (csrf)
2022-01-12 20:15:00
osv
osv
CVE-2021-41597
2022-01-12 20:15:08
BIT-suitecrm-2021-41597
2024-03-06 11:09:44