Product: Suitecrm (Salesagility)
Repositories https://github.com/salesagility/SuiteCRM
#Vulnerabilities 85
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-13 | CVE-2020-8804 | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | Suitecrm | 6.5 | | |
| 2020-03-16 | CVE-2020-8783 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | Suitecrm | 9.8 | | |
| 2020-03-16 | CVE-2020-8784 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | Suitecrm | 9.8 | | |
| 2020-03-16 | CVE-2020-8785 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | Suitecrm | 9.8 | | |
| 2020-03-16 | CVE-2020-8786 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | Suitecrm | 9.8 | | |
| 2020-03-16 | CVE-2020-8787 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. | Suitecrm | 7.5 | | |
| 2020-11-06 | CVE-2020-28328 | SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. | Suitecrm | 8.8 | | |
| 2020-11-18 | CVE-2020-15301 | SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. | Suitecrm | 7.8 | | |
| 2020-11-18 | CVE-2020-14208 | SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. | Suitecrm | 5.4 | | |
| 2020-11-18 | CVE-2020-15300 | SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | Suitecrm | 6.1 | | |