Salesagility SuiteCRM Security Vulnerabilities

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2022-03-07

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-03-07

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2022-03-07

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
CVSS Score: 8.8
EPSS Score: 0.338
Published: 2022-01-28

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-01-28

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
CVSS Score: 9.8
EPSS Score: 0.032
Published: 2022-01-28

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2022-01-12

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2021-12-28

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
CVSS Score: 8.8
EPSS Score: 0.199
Published: 2021-12-19

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
CVSS Score: 8.8
EPSS Score: 0.478
Published: 2021-10-22

