
CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22 https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md https://github.com/salesagility/SuiteCRM https://suitecrm.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22 https://github.com/ach-ing/cves/blob/main/CVE-2021-41595.md https://github.com/salesagility/SuiteCRM • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
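Both entries above (CVE-2021-41596 via importFile, CVE-2021-41595 via file_name) are the same CWE-22 mistake: a request parameter is joined onto an import directory and the resulting path is read without checking that it still lies inside that directory. The following is an added example, not SuiteCRM's own code and not a reconstruction of its import handlers; the directory layout, file names and the "config.php" stand-in are constructed for the demo. It shows the naive pattern beside a resolver that canonicalises the path (collapsing "..", resolving symlinks and absolute paths) and then proves containment with a prefix test on the canonical form:

```python
"""Path-traversal containment for an import-file parameter (added example)."""
import os
import shutil
import tempfile

# Assumed policy for the demo: only .csv files may be read from the import dir.
ALLOWED_SUFFIXES = (".csv",)


def vulnerable_read(import_dir: str, file_name: str) -> str:
    """Naive version: trusts the request parameter.

    os.path.join() discards import_dir entirely when file_name is absolute,
    "../" segments walk out of it, and a symlink inside the directory is
    followed wherever it points, so the caller chooses which file is read.
    """
    with open(os.path.join(import_dir, file_name), encoding="utf-8") as fh:
        return fh.read()


def resolve_import_file(import_dir: str, file_name: str) -> str:
    """Return the canonical path of file_name inside import_dir, or raise.

    realpath() collapses "..", resolves symlinks and absolute paths, so the
    commonpath() test is made on what the OS would actually open.
    """
    if not file_name or "\x00" in file_name:
        raise ValueError("empty or NUL-containing file name")
    base = os.path.realpath(import_dir)
    candidate = os.path.realpath(os.path.join(base, file_name))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the import directory")
    if not candidate.endswith(ALLOWED_SUFFIXES):
        raise ValueError("unexpected file type")
    if not os.path.isfile(candidate):
        raise ValueError("not a regular file")
    return candidate


def safe_read(import_dir: str, file_name: str) -> str:
    with open(resolve_import_file(import_dir, file_name), encoding="utf-8") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway layout (constructed) and run both readers on it."""
    root = tempfile.mkdtemp()
    try:
        import_dir = os.path.join(root, "upload", "import")
        os.makedirs(import_dir)
        with open(os.path.join(import_dir, "mapping.csv"), "w", encoding="utf-8") as fh:
            fh.write("id,name\n")
        # Stand-in for a sensitive file outside the import directory.
        outside = os.path.join(root, "config.php")
        with open(outside, "w", encoding="utf-8") as fh:
            fh.write("$db_password = 'hunter2';\n")
        os.symlink(outside, os.path.join(import_dir, "link.csv"))

        results = {"legit": safe_read(import_dir, "mapping.csv")}
        attacks = {"traversal": "../../config.php", "absolute": outside, "symlink": "link.csv"}
        for label, name in attacks.items():
            results["vulnerable_" + label] = vulnerable_read(import_dir, name)
            try:
                safe_read(import_dir, name)
                results["hardened_" + label] = "allowed"
            except ValueError as exc:
                results["hardened_" + label] = "blocked: " + str(exc)
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22s} {value!r}")
```

The order matters: canonicalise first, then compare, because a string check on the raw parameter ("does it contain ../?") misses absolute paths, symlinks, and platform-specific separators. Rejecting multi-segment names outright is a reasonable extra layer when the feature only ever needs a flat file name.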

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22 https://github.com/ach-ing/cves/blob/main/CVE-2021-41869.md https://github.com/salesagility/SuiteCRM https://suitecrm.com •

CVSS: 8.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

In the SuiteCRM application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a CSV Injection (Formula Injection) vulnerability. A low-privileged attacker can use the Accounts module to inject payloads into the input fields. When an administrator accesses the Accounts module, exports the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure. • https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513 https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25960 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
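The entry above is a bypass of an earlier fix, which is the usual story with CWE-1236: a filter that handles one trigger character is not a fix. The following added example (not SuiteCRM's code, and the `naive_escape` function is a constructed stand-in, not the project's earlier patch) contrasts a first-character "=" check with a neutraliser that covers every character a spreadsheet treats as a formula or separator trigger, including leading whitespace that the spreadsheet strips before evaluating. The sample Accounts rows and payload strings are constructed:

```python
"""Neutralising formula elements in a CSV export (added example, CWE-1236)."""
import csv
import io

# Characters that make a spreadsheet evaluate a cell as a formula, plus the
# tab/CR pair used to break out of a cell into the next one.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
SEPARATOR_TRIGGERS = ("\t", "\r")


def naive_escape(value):
    """Constructed stand-in for an incomplete fix: only a leading '=' is handled.

    Bypasses: '+', '-', '@', a tab or CR, or a leading space before '='.
    """
    if isinstance(value, str) and value.startswith("="):
        return "'" + value
    return value


def escape_cell(value):
    """Prefix a cell with a single quote if a spreadsheet would evaluate it.

    The quote makes the application treat the content as literal text. Non-
    string values (numbers, None) pass through untouched: a numeric phone or
    balance should be exported as a number, not a string starting with '+' or '-'.
    """
    if not isinstance(value, str):
        return value
    if value.startswith(SEPARATOR_TRIGGERS) or value.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_csv(header, rows, escape=escape_cell) -> str:
    """Write rows through the chosen escaper; csv handles quoting of , and \"."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([escape(cell) for cell in row])
    return buf.getvalue()


def formula_cells(csv_text: str) -> list:
    """Parse an export back and return every cell that is still a live trigger."""
    found = []
    for row in csv.reader(io.StringIO(csv_text)):
        for cell in row:
            if cell.startswith(SEPARATOR_TRIGGERS) or cell.lstrip().startswith(FORMULA_TRIGGERS):
                found.append(cell)
    return found


# Constructed sample of an Accounts export with attacker-controlled name/website fields.
HEADER = ["name", "website", "phone"]
SAMPLE_ACCOUNTS = [
    ["Acme Corp", "https://acme.example", "+1 555 0100"],
    ["=cmd|' /C calc'!A0", "https://evil.example", "555-0101"],
    ["  @SUM(A1:A9)", "-2+3", "555-0102"],
]

if __name__ == "__main__":
    print("naive filter leaves live:", formula_cells(export_csv(HEADER, SAMPLE_ACCOUNTS, naive_escape)))
    print("full filter leaves live:", formula_cells(export_csv(HEADER, SAMPLE_ACCOUNTS)))
```

The `formula_cells` round trip is the check worth keeping in a test suite: export with the production escaper, parse the result back, and assert that no cell begins with a trigger. The trade-off visible in the sample is that a string phone number such as "+1 555 0100" also gets the quote; export such fields as numbers or accept the prefix rather than weakening the character set.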

CVSS: 8.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

In the SuiteCRM application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links associated with a deleted user id, which makes account takeover of any newly created user with the same user id possible. • https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513 https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
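The failure mode in the entry above is a reset token that is bound to nothing more than a user id, so it outlives the account it was issued for and matches whichever account later reuses that id. The following added example (not SuiteCRM's code; it does not reproduce how SuiteCRM stores reset links, and the two stores, user ids and passwords are constructed for the demo) models the weak design next to one where the token is an HMAC over the account record as it existed at issue time. Deleting the user, re-creating it, or completing a reset all change that record, so the old link verifies against nothing:

```python
"""Reset links that survive user deletion (added example, CWE-640)."""
import hashlib
import hmac
import secrets
import time


def _hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000).hex()


class WeakResetStore:
    """Token keyed only by user id; deleting the user leaves its tokens behind."""

    def __init__(self):
        self.users = {}   # user_id -> {"salt", "pw_hash"}
        self.tokens = {}  # token -> user_id

    def create_user(self, user_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = {"salt": salt, "pw_hash": _hash_password(password, salt)}

    def delete_user(self, user_id: str) -> None:
        del self.users[user_id]  # self.tokens is not touched: the defect

    def issue_reset(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user_id
        return token

    def redeem(self, token: str, new_password: str) -> bool:
        user_id = self.tokens.pop(token, None)
        rec = self.users.get(user_id)
        if rec is None:
            return False
        rec["pw_hash"] = _hash_password(new_password, rec["salt"])
        return True


class BoundResetStore:
    """Token = user_id.expires.HMAC(server_key, user_id|expires|pw_hash|created).

    Nothing is stored server-side for the token; it only verifies against the
    live record that produced it, so a re-created account with the same id
    (new salt, new hash, new creation time) rejects it, as does a completed
    reset (hash changed) or expiry.
    """

    def __init__(self, server_key: bytes):
        self.key = server_key
        self.users = {}

    def create_user(self, user_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = {
            "salt": salt,
            "pw_hash": _hash_password(password, salt),
            "created_ns": time.time_ns(),
        }

    def delete_user(self, user_id: str) -> None:
        del self.users[user_id]

    def _signature(self, user_id: str, expires, rec: dict) -> str:
        msg = f"{user_id}|{expires}|{rec['pw_hash']}|{rec['created_ns']}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue_reset(self, user_id: str, ttl_seconds: int = 3600) -> str:
        rec = self.users[user_id]
        expires = int(time.time()) + ttl_seconds
        return f"{user_id}.{expires}.{self._signature(user_id, expires, rec)}"

    def redeem(self, token: str, new_password: str) -> bool:
        try:
            user_id, expires, sig = token.rsplit(".", 2)
            expires_int = int(expires)
        except ValueError:
            return False
        rec = self.users.get(user_id)
        if rec is None or expires_int < time.time():
            return False
        if not hmac.compare_digest(sig, self._signature(user_id, expires, rec)):
            return False
        rec["pw_hash"] = _hash_password(new_password, rec["salt"])
        return True


def stale_link_takeover(store) -> bool:
    """The attack from the advisory: an old link is replayed against a re-created id.

    Returns True when the replay succeeds (takeover), False when it is rejected.
    """
    store.create_user("user-1001", "original-secret")     # constructed victim id
    link = store.issue_reset("user-1001")                  # attacker keeps this
    store.delete_user("user-1001")
    store.create_user("user-1001", "someone-elses-secret")  # id reused
    return store.redeem(link, "attacker-chosen")


if __name__ == "__main__":
    print("weak store takeover:", stale_link_takeover(WeakResetStore()))
    print("bound store takeover:", stale_link_takeover(BoundResetStore(b"demo-server-key")))
```

If tokens are kept in a table instead, the equivalent fix is to store them as a child of the user row (deleted with it, or cascaded), record which credential version they were issued against, and reject on mismatch; binding to the current password hash also gives single use for free.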