Vulnerabilities > Salesagility > Suitecrm > 7.10.1

DATE CVE VULNERABILITY TITLE RISK
2020-02-13 CVE-2020-8804 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
network
low complexity
salesagility CWE-89
6.5
6.5
2020-02-13 CVE-2020-8803 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
network
low complexity
salesagility CWE-22
critical
 9.8
9.8
2020-02-13 CVE-2020-8802 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2020-02-13 CVE-2020-8801 Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows PHAR Deserialization.
network
low complexity
salesagility CWE-502
7.2
7.2
2020-02-13 CVE-2020-8800 Injection vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
network
low complexity
salesagility CWE-74
8.8
8.8
2019-11-06 CVE-2019-18784 SQL Injection vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
network
low complexity
salesagility CWE-89
critical
 9.8
9.8
2019-10-02 CVE-2019-14454 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
network
low complexity
salesagility
critical
 9.8
9.8
2019-10-02 CVE-2019-13335 Server-Side Request Forgery (SSRF) vulnerability in Salesagility Suitecrm
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
network
low complexity
salesagility CWE-918
critical
 9.8
9.8
2019-09-30 CVE-2019-14752 Cross-site Scripting vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.
network
low complexity
salesagility CWE-79
6.1
6.1
2019-09-27 CVE-2019-16922 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
network
low complexity
salesagility
5.3
5.3