Shodan
Vulnerabilities
Vulnerable Software
Salesagility:  >> Suitecrm  >> 7.12.7  Security Vulnerabilities
CVE-2024-36407
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. It also requires the system using php 7, which is not an officially supported version. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
3.7
EPSS Score
0.003
Published
2024-06-10
CVE-2024-36408
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
9.6
EPSS Score
0.003
Published
2024-06-10
CVE-2023-6130
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6131
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6127
Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6128
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6125
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-14
CVE-2023-6126
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-14
CVE-2023-6124
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-11-14
CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved