Shodan
Vulnerabilities
Vulnerable Software
Salesagility:  Security Vulnerabilities
CVE-2023-6126
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-14
CVE-2023-6124
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-11-14
CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-03
CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVSS Score
6.4
EPSS Score
0.002
Published
2023-10-03
CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVSS Score
8.9
EPSS Score
0.001
Published
2023-10-03
CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-07-11
CVE-2023-3293
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
CVSS Score
7.6
EPSS Score
0.001
Published
2023-06-16
CVE-2023-1034
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
CVSS Score
4.3
EPSS Score
0.016
Published
2023-02-25
CVE-2022-27474
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
CVSS Score
7.2
EPSS Score
0.114
Published
2022-04-15
CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.
CVSS Score
8.8
EPSS Score
0.488
Published
2022-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved