8 matches found
CVE-2025-54787
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...
SuiteCRM 跨站脚本漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A cross-site scripting vulnerability exists in SuiteCRM 7.14.6 and earlier versions, which stems from a modification to the HTTP Referer header that could lead to a reflected cross-site scripting attack...
SuiteCRM 授权问题漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. An authorization issue vulnerability exists in SuiteCRM version 7.14.6, which stems from allowing unauthorized downloads of files in the upload directory...
CVE-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...