Vulnerabilities > Salesagility > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-36412 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-89
critical
9.8
2024-06-10 CVE-2024-36417 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-79
critical
9.0
2023-11-14 CVE-2023-6126 Code Injection vulnerability in Salesagility Suitecrm
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
network
low complexity
salesagility CWE-94
critical
9.8
2023-10-03 CVE-2023-5350 SQL Injection vulnerability in Salesagility Suitecrm
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
network
low complexity
salesagility CWE-89
critical
9.1
2021-10-22 CVE-2021-42840 Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting.
network
low complexity
salesagility CWE-434
critical
9.0
2020-11-06 CVE-2020-28328 Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting.
network
low complexity
salesagility CWE-434
critical
9.0
2017-09-06 CVE-2015-5948 Race Condition vulnerability in Salesagility Suitecrm
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
network
salesagility CWE-362
critical
9.3