Suitecrm Security Vulnerabilities and Issues — Suitecrm CVE List

Lucene search

SalesagilitySuitecrm

9 matches found

CVE•added 2022/03/07 1:15 p.m.•90 views

CVE-2022-0755

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

7.1CVSS4.9AI score0.00228EPSS

CVE•added 2022/03/10 5:45 p.m.•82 views

CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing...

8.8CVSS8.7AI score0.54403EPSS

CVE•added 2022/03/07 1:15 p.m.•81 views

CVE-2022-0754

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.

7.1CVSS7AI score0.00226EPSS

CVE•added 2022/03/07 1:15 p.m.•77 views

CVE-2022-0756

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

6.5CVSS5.9AI score0.00235EPSS

CVE•added 2022/04/15 1:15 p.m.•69 views

CVE-2022-27474

SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.

7.2CVSS7.3AI score0.11432EPSS

CVE•added 2022/01/28 5:15 p.m.•64 views

CVE-2021-45897

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.

8.8CVSS9AI score0.33768EPSS

CVE•added 2022/01/28 5:15 p.m.•50 views

CVE-2021-45898

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.

9.8CVSS9.1AI score0.0047EPSS

CVE•added 2022/01/28 5:15 p.m.•46 views

CVE-2021-45899

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.

9.8CVSS9.8AI score0.03201EPSS

CVE•added 2022/01/12 8:15 p.m.•44 views

CVE-2021-41597

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

8.8CVSS8.8AI score0.00437EPSS