Vendor CVEs
Suitecrm
All CVEs
96 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49774 | | | 0.00 | — | 0.00 | | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But these checks can be bypassed with some syntax constructions. SuiteCRM… |
| CVE-2024-49773 | | | 0.00 | — | 0.00 | | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build the SQL query. `current_post` parameter in `export`… |
| CVE-2024-49772 | | | 0.00 | — | 0.00 | | Nov 5, 2024 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database.… |
| CVE-2024-45392 | | | 0.00 | — | 0.00 | | Sep 5, 2024 | SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue. |
| CVE-2024-36419 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue. |
| CVE-2024-36418 | | | 0.00 | — | 0.01 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this… |
| CVE-2024-36417 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this… |
| CVE-2024-36415 | | | 0.00 | — | 0.01 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36414 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36411 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36410 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36409 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36408 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2024-36407 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the… |
| CVE-2024-36406 | | | 0.00 | — | 0.00 | | Jun 10, 2024 | SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue. |
| CVE-2023-47643 | | | 0.00 | — | 0.03 | | Nov 21, 2023 | SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and… |
| CVE-2022-27474 | | | 0.00 | — | 0.22 | | Apr 15, 2022 | SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. |
| CVE-2021-45899 | | | 0.00 | — | 0.02 | | Jan 28, 2022 | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. |
| CVE-2021-45898 | | | 0.00 | — | 0.01 | | Jan 28, 2022 | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. |
| CVE-2021-41597 | | | 0.00 | — | 0.01 | | Jan 12, 2022 | SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. |
| CVE-2021-45903 | | | 0.00 | — | 0.01 | | Dec 28, 2021 | A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. |
| CVE-2021-41596 | | | 0.00 | — | 0.02 | | Oct 4, 2021 | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. |
| CVE-2021-25961 | | | 0.00 | — | 0.01 | | Sep 29, 2021 | In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that are associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id. |
| CVE-2020-14208 | | | 0.00 | — | 0.01 | | Nov 18, 2020 | SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. |
| CVE-2020-15300 | | | 0.00 | — | 0.01 | | Nov 18, 2020 | SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. |
| CVE-2019-18785 | | | 0.00 | — | 0.01 | | Mar 20, 2020 | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. |
| CVE-2019-18782 | | | 0.00 | — | 0.01 | | Mar 20, 2020 | SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. |
| CVE-2020-8784 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). |
| CVE-2020-8785 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). |
| CVE-2020-8786 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). |
| CVE-2020-8787 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. |
| CVE-2020-8783 | | | 0.00 | — | 0.01 | | Mar 16, 2020 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). |
| CVE-2020-8804 | | | 0.00 | — | 0.01 | | Feb 13, 2020 | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. |
| CVE-2020-8803 | | | 0.00 | — | 0.03 | | Feb 13, 2020 | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. |
| CVE-2020-8802 | | | 0.00 | — | 0.03 | | Feb 13, 2020 | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. |
| CVE-2020-8801 | | | 0.00 | — | 0.03 | | Feb 13, 2020 | SuiteCRM through 7.11.11 allows PHAR Deserialization. |
| CVE-2020-8800 | | | 0.00 | — | 0.03 | | Feb 13, 2020 | SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. |
| CVE-2019-18784 | | | 0.00 | — | 0.01 | | Nov 6, 2019 | SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. |
| CVE-2019-14454 | | | 0.00 | — | 0.02 | | Oct 2, 2019 | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. |
| CVE-2019-14752 | | | 0.00 | — | 0.01 | | Sep 30, 2019 | SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. |
| CVE-2019-16922 | | | 0.00 | — | 0.01 | | Sep 27, 2019 | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. |
| CVE-2019-12599 | | | 0.00 | — | 0.01 | | Jun 7, 2019 | SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. |
| CVE-2019-12598 | | | 0.00 | — | 0.01 | | Jun 7, 2019 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). |
| CVE-2019-12600 | | | 0.00 | — | 0.01 | | Jun 7, 2019 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). |
| CVE-2019-12601 | | | 0.00 | — | 0.01 | | Jun 7, 2019 | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). |
| CVE-2019-6506 | | | 0.00 | — | 0.02 | | Apr 2, 2019 | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. |