Vulnerabilities > Salesagility > Suitecrm > 7.0.2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-11-06 | CVE-2020-28328 | Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm | SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. | network | low complexity | salesagility | CWE-434 | 8.8 |
| 2020-02-13 | CVE-2020-8804 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | network | low complexity | salesagility | CWE-89 | 6.5 |
| 2020-02-13 | CVE-2020-8803 | Path Traversal vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | network | low complexity | salesagility | CWE-22 | critical 9.8 |
| 2020-02-13 | CVE-2020-8802 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | network | low complexity | salesagility | CWE-89 | critical 9.8 |
| 2020-02-13 | CVE-2020-8801 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.11 allows PHAR Deserialization. | network | low complexity | salesagility | CWE-502 | 7.2 |
| 2020-02-13 | CVE-2020-8800 | Injection vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | network | low complexity | salesagility | CWE-74 | 8.8 |
| 2019-04-05 | CVE-2018-20816 | Cross-site Scripting vulnerability in Salesagility Suitecrm | An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. | network | low complexity | salesagility | CWE-79 | 6.1 |
| 2018-09-26 | CVE-2018-15606 | Cross-site Scripting vulnerability in Salesagility Suitecrm | An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message. | network | low complexity | salesagility | CWE-79 | 6.1 |
| 2017-09-06 | CVE-2015-5948 | Race Condition vulnerability in Salesagility Suitecrm | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | network | high complexity | salesagility | CWE-362 | 8.1 |
| 2017-09-06 | CVE-2015-5947 | Race Condition vulnerability in Salesagility Suitecrm | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | network | high complexity | salesagility | CWE-362 | 8.1 |