Vulnerabilities > Salesagility

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Severity | Risk |
|---|---|---|---|---|---|---|---|---|---|
| 2022-01-28 | CVE-2021-45898 | Unspecified vulnerability in Salesagility Suitecrm | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | network | low complexity | salesagility | | critical | 9.8 |
| 2022-01-28 | CVE-2021-45899 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | network | low complexity | salesagility | CWE-502 | critical | 9.8 |
| 2022-01-12 | CVE-2021-41597 | Cross-Site Request Forgery (CSRF) vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. | network | low complexity | salesagility | CWE-352 | | 8.8 |
| 2021-12-28 | CVE-2021-45903 | Cross-site Scripting vulnerability in Salesagility Suitecrm | A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. | network | low complexity | salesagility | CWE-79 | | 6.1 |
| 2021-12-19 | CVE-2021-45041 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date. | network | low complexity | salesagility | CWE-89 | | 8.8 |
| 2021-10-22 | CVE-2021-42840 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm | SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. | network | low complexity | salesagility | CWE-434 | | 8.8 |
| 2021-10-04 | CVE-2021-41595 | Path Traversal vulnerability in Salesagility Suitecrm | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. | network | low complexity | salesagility | CWE-22 | | 5.3 |
| 2021-10-04 | CVE-2021-41596 | Path Traversal vulnerability in Salesagility Suitecrm | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. | network | low complexity | salesagility | CWE-22 | | 5.3 |
| 2021-10-04 | CVE-2021-41869 | Unspecified vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. | network | low complexity | salesagility | | | 8.8 |
| 2021-09-29 | CVE-2021-25960 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm | In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). | network | low complexity | salesagility | CWE-1236 | | 8.0 |