Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:salesagility:suitecrm:7.12.4:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-5350 |
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Published: October 03, 2023; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-3627 |
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. Published: July 11, 2023; 1:15:13 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1034 |
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. Published: February 24, 2023; 9:15:12 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-23940 |
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. Published: March 10, 2022; 12:45:56 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2022-0756 |
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Published: March 07, 2022; 8:15:08 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-0755 |
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Published: March 07, 2022; 8:15:08 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-0754 |
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. Published: March 07, 2022; 8:15:07 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |