Vulnerabilities > Salesagility

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-10-02 | CVE-2019-14454 | Unspecified vulnerability in Salesagility Suitecrm | SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | network, low complexity, salesagility, critical, 9.8 |
| 2019-10-02 | CVE-2019-13335 | Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm | SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | network, low complexity, salesagility CWE-918, critical, 9.8 |
| 2019-09-30 | CVE-2019-14752 | Cross-site Scripting vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. | network, low complexity, salesagility CWE-79, 6.1 |
| 2019-09-27 | CVE-2019-16922 | Unspecified vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | network, low complexity, salesagility, 5.3 |
| 2019-06-07 | CVE-2019-12601 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | network, low complexity, salesagility CWE-89, critical, 9.8 |
| 2019-06-07 | CVE-2019-12600 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | network, low complexity, salesagility CWE-89, critical, 9.8 |
| 2019-06-07 | CVE-2019-12599 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | network, low complexity, salesagility CWE-89, critical, 9.8 |
| 2019-06-07 | CVE-2019-12598 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | network, low complexity, salesagility CWE-89, critical, 9.8 |
| 2019-04-05 | CVE-2018-20816 | Cross-site Scripting vulnerability in Salesagility Suitecrm | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. | network, low complexity, salesagility CWE-79, 6.1 |
| 2019-04-02 | CVE-2019-6506 | SQL Injection vulnerability in Salesagility Suitecrm 7.11.0 | SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection. | network, low complexity, salesagility CWE-89, critical, 9.8 |