Vulnerabilities > Salesagility

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-18784 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
network
low complexity
salesagility CWE-89
7.5
7.5
2019-10-02 CVE-2019-14454 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
network
low complexity
salesagility
7.5
7.5
2019-10-02 CVE-2019-13335 Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
network
low complexity
salesagility CWE-918
7.5
7.5
2019-09-30 CVE-2019-14752 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. 		4.3
4.3
2019-09-27 CVE-2019-16922 Information Exposure vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
network
low complexity
salesagility CWE-200
5.0
5.0
2019-06-07 CVE-2019-12601 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).
network
low complexity
salesagility CWE-89
7.5
7.5
2019-06-07 CVE-2019-12600 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
network
low complexity
salesagility CWE-89
7.5
7.5
2019-06-07 CVE-2019-12599 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
network
low complexity
salesagility CWE-89
7.5
7.5
2019-06-07 CVE-2019-12598 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
network
low complexity
salesagility CWE-89
7.5
7.5
2019-04-05 CVE-2018-20816 Cross-site Scripting vulnerability in Salesagility Suitecrm
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. 		4.3
4.3