Lucene search

MitreCVELIST:CVE-2021-41596

HistoryOct 04, 2021 - 4:48 p.m.

CVE-2021-41596

2021-10-0416:48:19

mitre

www.cve.org

suitecrm

directory traversal

information disclosure

refreshmapping

import functionality

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

References

docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33

docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22

github.com/ach-ing/cves/blob/main/CVE-2021-41596.md

github.com/salesagility/SuiteCRM

suitecrm.com