Information disclosure

2021-10-0417:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.

CPENameOperatorVersion
suitecrmge7.11.0
suitecrmlt7.11.22
suitecrmlt7.10.33

Name	Operator	Version
suitecrm	ge	7.11.0
suitecrm	lt	7.11.22
suitecrm	lt	7.10.33

References

docs.suitecrm.com/admin/releases/7.10.x/

docs.suitecrm.com/admin/releases/7.11.x/

github.com/ach-ing/cves/blob/main/CVE-2021-41595.md

github.com/salesagility/SuiteCRM