CVEDB API

Vulnerabilities

Vulnerable Software

Salesagility: >> Suitecrm >> 7.10.20 Security Vulnerabilities

CVE-2020-8801

SuiteCRM through 7.11.11 allows PHAR Deserialization.

CVSS Score

7.2

EPSS Score

0.005

Published

2020-02-13

CVE-2020-8802

SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.

CVSS Score

9.8

EPSS Score

0.005

Published

2020-02-13

CVE-2020-8803

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

CVSS Score

9.8

EPSS Score

0.01

Published

2020-02-13

CVE-2020-8804

SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.

CVSS Score

6.5

EPSS Score

0.004

Published

2020-02-13

CVE-2020-8800

SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.

CVSS Score

8.8

EPSS Score

0.005

Published

2020-02-13

CVE-2019-18784

SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.

CVSS Score

9.8

EPSS Score

0.003

Published

2019-11-06

Page 7

Vulnerabilities

Vulnerable Software

Salesagility: >> Suitecrm >> 7.10.20 Security Vulnerabilities

Products

Pricing

Contact Us