Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Suitecrm
(Salesagility)| Repositories | https://github.com/salesagility/SuiteCRM |
| #Vulnerabilities | 85 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-20 | CVE-2024-1644 | Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI. | Suitecrm | 8.8 | ||
| 2020-02-13 | CVE-2020-8800 | SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | Suitecrm | 8.8 | ||
| 2020-02-13 | CVE-2020-8801 | SuiteCRM through 7.11.11 allows PHAR Deserialization. | Suitecrm | 7.2 | ||
| 2020-02-13 | CVE-2020-8802 | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | Suitecrm | 9.8 | ||
| 2020-02-13 | CVE-2020-8803 | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | Suitecrm | 9.8 | ||
| 2020-02-13 | CVE-2020-8804 | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | Suitecrm | 6.5 | ||
| 2020-03-16 | CVE-2020-8783 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | Suitecrm | 9.8 | ||
| 2020-03-16 | CVE-2020-8784 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | Suitecrm | 9.8 | ||
| 2020-03-16 | CVE-2020-8785 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | Suitecrm | 9.8 | ||
| 2020-03-16 | CVE-2020-8786 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | Suitecrm | 9.8 |