CVE-2020-15301

2020-11-1821:15:11

Google

osv.dev

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.4%

JSON

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

CPENameOperatorVersion
suitecrmeq7.8.0-beta
suitecrmeq7.11-rc
suitecrmeq7.11.9
suitecrmeq7.7.4
suitecrmeq7.8.8
suitecrmeq7.1.4
suitecrmeq7.8.15
suitecrmeq7.9.8
suitecrmeq7.4.2
suitecrmeq7.11.11

Name	Operator	Version
suitecrm	eq	7.8.0-beta
suitecrm	eq	7.11-rc
suitecrm	eq	7.11.9
suitecrm	eq	7.7.4
suitecrm	eq	7.8.8
suitecrm	eq	7.1.4
suitecrm	eq	7.8.15
suitecrm	eq	7.9.8
suitecrm	eq	7.4.2
suitecrm	eq	7.11.11