Shodan
Vulnerabilities
Vulnerable Software
Salesagility:  >> Suitecrm  >> 7.14.2  Security Vulnerabilities
CVE-2024-36410
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-06-10
CVE-2024-36407
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. It also requires the system using php 7, which is not an officially supported version. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
3.7
EPSS Score
0.002
Published
2024-06-10
CVE-2024-36408
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
9.6
EPSS Score
0.002
Published
2024-06-10
CVE-2024-36406
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-06-10
CVE-2024-1644
Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.
CVSS Score
9.9
EPSS Score
0.003
Published
2024-02-20
CVE-2023-6388
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.
CVSS Score
5.0
EPSS Score
0.0
Published
2024-02-07
CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-07-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved