) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:salesagility:suitecrm:7.1.4:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-6131 |
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Published: November 14, 2023; 12:15:08 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-6130 |
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Published: November 14, 2023; 12:15:08 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-6128 |
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Published: November 14, 2023; 11:15:28 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-6127 |
Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Published: November 14, 2023; 11:15:28 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-6126 |
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Published: November 14, 2023; 11:15:27 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-6125 |
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Published: November 14, 2023; 11:15:27 AM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-6124 |
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. Published: November 14, 2023; 10:15:08 AM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2023-5353 |
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. Published: October 03, 2023; 9:15:11 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-5351 |
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. Published: October 03, 2023; 8:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-5350 |
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Published: October 03, 2023; 8:15:11 AM -0400 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
| CVE-2023-3627 |
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. Published: July 11, 2023; 1:15:13 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-1034 |
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. Published: February 24, 2023; 9:15:12 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-23940 |
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. Published: March 10, 2022; 12:45:56 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2022-0756 |
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Published: March 07, 2022; 8:15:08 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-0755 |
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Published: March 07, 2022; 8:15:08 AM -0500 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-0754 |
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. Published: March 07, 2022; 8:15:07 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2021-45899 |
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. Published: January 28, 2022; 12:15:15 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-45898 |
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. Published: January 28, 2022; 12:15:15 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-45897 |
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. Published: January 28, 2022; 12:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2021-45903 |
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. Published: December 28, 2021; 9:15:07 AM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |