Shodan
Vulnerabilities
Vulnerable Software
Salesagility:  Security Vulnerabilities
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-02-13
CVE-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-13
CVE-2020-8800
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-02-13
CVE-2019-18784
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-11-06
CVE-2019-13335
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-10-02
CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-10-02
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-30
CVE-2019-16922
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-09-27
CVE-2019-12598
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-07
CVE-2019-12599
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved