23 matches found
EUVD-2025-23893
Malicious code in bioql PyPI...
CVE-2025-54787
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54784
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a Cross Site Scripting XSS vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54784
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a Cross Site Scripting XSS vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance...
CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...
SuiteCRM 跨站脚本漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A cross-site scripting vulnerability exists in SuiteCRM 7.14.6 and earlier versions, which stems from a modification to the HTTP Referer header that could lead to a reflected cross-site scripting attack...
SuiteCRM 授权问题漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. An authorization issue vulnerability exists in SuiteCRM version 7.14.6, which stems from allowing unauthorized downloads of files in the upload directory...
SuiteCRM 访问控制错误漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. An access control error vulnerability exists in SuiteCRM versions 7.14.6 and 8.8.0 that stems from a legacy iCal service authentication flaw that could lead to unauthorized access to meeting data...
BIT-SUITECRM-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
BIT-SUITECRM-2024-49774 ModuleScanner flaws in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses tokengetall to par...
BIT-SUITECRM-2024-50333 RCE in ModuleBuilder in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels function can be used to write attacker-controlled data into the custom language file that will be includ...
CVE-2024-49774
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses tokengetall to par...
CVE-2024-49773
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
CVE-2024-49772
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been...
CVE-2024-49773
SuiteCRM vulnerability CVE-2024-49773 involves poor input validation in the export functionality, where the authenticated user can abuse the current_post parameter to perform blind SQL injection via generateSearchWhere(), leading to potential information disclosure of personally identifiable info...
CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
CVE-2024-49772 Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been...