Shodan
Vulnerabilities
Vulnerable Software
Salesagility:  >> Suitecrm  >> 7.6.6  Security Vulnerabilities
CVE-2023-3627
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-07-11
CVE-2023-1034
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.
CVSS Score
4.3
EPSS Score
0.016
Published
2023-02-25
CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.
CVSS Score
8.8
EPSS Score
0.449
Published
2022-03-10
CVE-2022-0755
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-03-07
CVE-2022-0756
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-07
CVE-2022-0754
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-03-07
CVE-2021-45897
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
CVSS Score
8.8
EPSS Score
0.246
Published
2022-01-28
CVE-2021-45898
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-01-28
CVE-2021-45899
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.032
Published
2022-01-28
CVE-2021-45903
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-12-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved