Product:

Suitecrm

(Salesagility)
Repositories https://github.com/salesagility/SuiteCRM
#Vulnerabilities 92
Date Id Summary Products Score Patch Annotated
2020-02-13 CVE-2020-8802 SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. Suitecrm 9.8
2020-02-13 CVE-2020-8803 SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. Suitecrm 9.8
2020-02-13 CVE-2020-8804 SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. Suitecrm 6.5
2020-03-16 CVE-2020-8783 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). Suitecrm 9.8
2020-03-16 CVE-2020-8784 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). Suitecrm 9.8
2020-03-16 CVE-2020-8785 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). Suitecrm 9.8
2020-03-16 CVE-2020-8786 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). Suitecrm 9.8
2020-03-16 CVE-2020-8787 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. Suitecrm 7.5
2020-11-06 CVE-2020-28328 SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. Suitecrm 8.8
2020-11-18 CVE-2020-15301 SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. Suitecrm 7.8