VYPR

Suitecrm

by Suitecrm

CVEs (96)

  • CVE-2024-36410 (Jun 10, 2024)
    risk 0.00 cvss, epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2024-36409 (Jun 10, 2024)
    risk 0.00 cvss, epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2024-36408 (Jun 10, 2024)
    risk 0.00 cvss, epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2024-36407 (Jun 10, 2024)
    risk 0.00 cvss, epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the…

  • CVE-2024-36406 (Jun 10, 2024)
    risk 0.00 cvss, epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2023-47643 (Nov 21, 2023)
    risk 0.00 cvss, epss 0.03

    SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema that defines all object types, arguments, and functions. An attacker can obtain the GraphQL schema and…

  • CVE-2022-27474 (Apr 15, 2022)
    risk 0.00 cvss, epss 0.22

    SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.

  • CVE-2021-45899 (Jan 28, 2022)
    risk 0.00 cvss, epss 0.02

    SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.

  • CVE-2021-45898 (Jan 28, 2022)
    risk 0.00 cvss, epss 0.01

    SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.

  • CVE-2021-41597 (Jan 12, 2022)
    risk 0.00 cvss, epss 0.01

    SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

  • CVE-2021-45903 (Dec 28, 2021)
    risk 0.00 cvss, epss 0.01

    A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.

  • CVE-2021-41596 (Oct 4, 2021)
    risk 0.00 cvss, epss 0.02

    SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

  • CVE-2021-25961 (Sep 29, 2021)
    risk 0.00 cvss, epss 0.01

    In the "SuiteCRM" application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user id, which makes account takeover possible for any newly created user with the same user id.

  • CVE-2020-14208 (Nov 18, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.

  • CVE-2020-15300 (Nov 18, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.

  • CVE-2019-18785 (Mar 20, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.

  • CVE-2019-18782 (Mar 20, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.

  • CVE-2020-8784 (Mar 16, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).

  • CVE-2020-8785 (Mar 16, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).

  • CVE-2020-8786 (Mar 16, 2020)
    risk 0.00 cvss, epss 0.01

    SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).

Page 4 of 5