CVE-2021-41597
SuiteCRM 7.11.21 and earlier are affected by a CSRF vulnerability in the UpgradeWizard feature that allows remote code execution if a ZIP archive contains PHP files. The root cause is CSRF lacking proper token validation during upgrade operations, enabling an attacker-controlled ZIP payload to tr...