Vulnerabilities > Salesagility > Suitecrm > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-07-11 | CVE-2023-3627 | Cross-Site Request Forgery (CSRF) vulnerability in Salesagility Suitecrm | Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. | network | low | salesagility | CWE-352 | 8.8 |
| 2023-02-25 | CVE-2023-1034 | Path Traversal: '\..\filename' vulnerability in Salesagility Suitecrm | Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | network | low | salesagility | CWE-29 | 8.8 |
| 2022-01-28 | CVE-2021-45898 | Unspecified vulnerability in Salesagility Suitecrm | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | network | low | salesagility | | 7.5 |
| 2022-01-28 | CVE-2021-45899 | Deserialization of Untrusted Data vulnerability in Salesagility Suitecrm | SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | network | low | salesagility | CWE-502 | 7.5 |
| 2020-03-16 | CVE-2020-8786 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | network | low | salesagility | CWE-89 | 7.5 |
| 2020-03-16 | CVE-2020-8785 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | network | low | salesagility | CWE-89 | 7.5 |
| 2020-03-16 | CVE-2020-8784 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | network | low | salesagility | CWE-89 | 7.5 |
| 2020-03-16 | CVE-2020-8783 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | network | low | salesagility | CWE-89 | 7.5 |
| 2020-02-13 | CVE-2020-8803 | Path Traversal vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | network | low | salesagility | CWE-22 | 7.5 |
| 2020-02-13 | CVE-2020-8802 | SQL Injection vulnerability in Salesagility Suitecrm | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | network | low | salesagility | CWE-89 | 7.5 |