Salesagility

salesagility

105 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Suitecrm

suitecrm

105 CVEs

CVEs (105)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-1644 1Salesagility 1Suitecrm Dec 31, 2024 Feb 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
CVE-2023-6388 1Salesagility 1Suitecrm Sep 29, 2025 Feb 7, 2024 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
CVE-2023-47643 1Salesagility 1Suitecrm Nov 21, 2024 Nov 21, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and fu...Show more SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds.Show less
CVE-2023-6131 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6130 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6128 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6127 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6126 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6125 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6124 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
CVE-2023-5353 1Salesagility 1Suitecrm Nov 21, 2024 Oct 3, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5351 1Salesagility 1Suitecrm Nov 21, 2024 Oct 3, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5350 1Salesagility 1Suitecrm Nov 21, 2024 Oct 3, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-3627 1Salesagility 1Suitecrm Nov 21, 2024 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVE-2023-3293 1Salesagility 1Suitecrm Nov 21, 2024 Jun 16, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
CVE-2023-1034 1Salesagility 1Suitecrm Nov 21, 2024 Feb 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
CVE-2022-27474 1Salesagility 1Suitecrm Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
CVE-2022-23940 1Salesagility 1Suitecrm Nov 21, 2024 Mar 10, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients prope...Show more SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.Show less
CVE-2022-0756 1Salesagility 1Suitecrm Nov 21, 2024 Mar 7, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0755 1Salesagility 1Suitecrm Nov 21, 2024 Mar 7, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

Previous 1 234 5 6 Next