Suitecrm Security Vulnerabilities and Issues — Suitecrm CVE List

Lucene search

SalesagilitySuitecrm

4 matches found

CVE•added 2021/10/22 7:15 p.m.•96 views

CVE-2021-42840

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were bl...

9CVSS9.1AI score0.52665EPSS

CVE•added 2021/10/04 7:15 a.m.•38 views

CVE-2021-41869

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.

8.8CVSS8.7AI score0.00883EPSS

CVE•added 2021/10/04 5:15 p.m.•35 views

CVE-2021-41595

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.

5.3CVSS5.2AI score0.00269EPSS

CVE•added 2021/10/04 5:15 p.m.•33 views

CVE-2021-41596

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

5.3CVSS5.2AI score0.00302EPSS