Vulnerabilities > Salesagility > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-13 CVE-2020-8803 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
network
low complexity
salesagility CWE-22
critical
 9.8
9.8
2020-02-13 CVE-2020-8802 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-11-06 CVE-2019-18784 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-10-02 CVE-2019-14454 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
network
low complexity
salesagility
critical
 9.8
9.8
2019-10-02 CVE-2019-13335 Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
network
low complexity
salesagility CWE-918
critical
 9.8
9.8
2019-06-07 CVE-2019-12601 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-06-07 CVE-2019-12600 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-06-07 CVE-2019-12599 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-06-07 CVE-2019-12598 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-04-02 CVE-2019-6506 SQL Injection vulnerability in Salesagility Suitecrm 7.11.0
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8