Vulnerabilities > Salesagility > Suitecrm > 7.10.29

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-3627 Cross-Site Request Forgery (CSRF) vulnerability in Salesagility Suitecrm
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
network
low complexity
salesagility CWE-352
8.8
8.8
2023-02-25 CVE-2023-1034 Path Traversal: '..filename' vulnerability in Salesagility Suitecrm
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
network
low complexity
salesagility CWE-29
8.8
8.8
2022-03-10 CVE-2022-23940 Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution.
network
low complexity
salesagility CWE-502
6.5
6.5
2022-03-07 CVE-2022-0754 SQL Injection vulnerability in Salesagility Suitecrm
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
network
low complexity
salesagility CWE-89
4.0
4.0
2022-03-07 CVE-2022-0755 Missing Authorization vulnerability in Salesagility Suitecrm
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
network
low complexity
salesagility CWE-862
4.3
4.3
2022-03-07 CVE-2022-0756 Missing Authorization vulnerability in Salesagility Suitecrm
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
network
low complexity
salesagility CWE-862
6.5
6.5
2022-01-28 CVE-2021-45897 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
network
low complexity
salesagility
6.5
6.5
2022-01-28 CVE-2021-45898 Unspecified vulnerability in Salesagility Suitecrm
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
network
low complexity
salesagility
7.5
7.5
2022-01-28 CVE-2021-45899 Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
network
low complexity
salesagility CWE-502
7.5
7.5
2022-01-12 CVE-2021-41597 Cross-Site Request Forgery (CSRF) vulnerability in Salesagility Suitecrm
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive. 		6.8
6.8