23 matches found
EUVD-2026-13359
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...
CVE-2025-64489 SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an...
EUVD-2010-2388
Malware in sbrugna...
EUVD-2024-17382
Malicious code in bioql PyPI...
EUVD-2023-58628
Malicious code in bioql PyPI...
BIT-SUITECRM-2024-1644 Suite CRM v7.14.2 - RCE via Local File Inclusion
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...
BIT-SUITECRM-2023-6388 Suite CRM v7.14.2 - SSRF
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
CVE-2024-1644
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...
CVE-2024-1644
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...
Code injection
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...
CVE-2024-1644 Suite CRM v7.14.2 - RCE via Local File Inclusion
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...
CVE-2024-1644
CVE-2024-1644 affects SuiteCRM v7.14.2, where a Local File Inclusion (LFI) vulnerability allows including local PHP files. Multiple connected sources describe the issue as a code vulnerability enabling LFI, with some references explicitly noting possible Remote Code Execution (RCE) via LFI. The r...
CVE-2024-1644 Suite CRM v7.14.2 - RCE via Local File Inclusion
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...
CVE-2023-6388
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
CVE-2023-6388
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
Server-side request forgery (SSRF)
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
CVE-2023-6388
SuiteCRM 7.14.2 is affected by an SSRF vulnerability that allows an attacker to make arbitrary HTTP requests through the vulnerable server. Root cause: SSRF in the application; impact is the ability to trigger outbound requests via the server. Remediation: upgrade to a version that fixes the SSRF...
CVE-2023-6388 Suite CRM v7.14.2 - SSRF
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
CVE-2023-6388 Suite CRM v7.14.2 - SSRF
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
PT-2024-3586 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: Suite CRM version 7.14.2. Description: The issue is related to a Local File Inclusion (LFI) vulnerability, which allows an attacker to include local PHP files. This can enable a remote attacker to run or open files on the web server without havi...