SuiteCRM Security Vulnerabilities
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or...
5.4CVSS
5AI Score
0.001EPSS
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template...
7.8CVSS
7.7AI Score
0.001EPSS
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web...
8.8CVSS
8.8AI Score
0.078EPSS
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection...
5.3CVSS
5.2AI Score
0.001EPSS
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and...
7.5CVSS
7.5AI Score
0.002EPSS
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be...
7.5CVSS
7.5AI Score
0.001EPSS
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of...
9.8CVSS
9.8AI Score
0.002EPSS
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of...
9.8CVSS
9.8AI Score
0.002EPSS
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of...
9.8CVSS
9.8AI Score
0.002EPSS
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of...
9.8CVSS
9.8AI Score
0.002EPSS
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean...
9.8CVSS
9.5AI Score
0.007EPSS
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via...
9.8CVSS
9.4AI Score
0.032EPSS
7.2CVSS
6.9AI Score
0.002EPSS
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge...
6.5CVSS
7AI Score
0.004EPSS
8.8CVSS
8.7AI Score
0.002EPSS
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL...
9.8CVSS
9.6AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.005EPSS
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege...
9.8CVSS
9.4AI Score
0.002EPSS
6.1CVSS
6.3AI Score
0.001EPSS
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of...
5.3CVSS
5.3AI Score
0.001EPSS
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of...
9.8CVSS
9.9AI Score
0.001EPSS
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of...
9.8CVSS
9.9AI Score
0.001EPSS
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of...
9.8CVSS
9.9AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.001EPSS
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with...
6.1CVSS
6AI Score
0.001EPSS
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL...
9.8CVSS
9.7AI Score
0.004EPSS
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error...
6.1CVSS
5.9AI Score
0.001EPSS
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for...
8.1CVSS
8.4AI Score
0.03EPSS
8.1CVSS
8.3AI Score
0.03EPSS