CVE-2019-18782
https://notcve.org/view.php?id=CVE-2019-18782
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. SuiteCRM versiones 7.10.x anteriores a 7.10.21 y versiones 7.11.x anteriores a 7.11.9, no implementa correctamente el mecanismo de protección de .htaccess. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9 •
CVE-2020-8784
https://notcve.org/view.php?id=CVE-2020-8784
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 2 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-8785
https://notcve.org/view.php?id=CVE-2020-8785
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 3 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-8786
https://notcve.org/view.php?id=CVE-2020-8786
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 4 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-8787
https://notcve.org/view.php?id=CVE-2020-8787
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permite que sea enviado un ID de Bean no válido. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-20: Improper Input Validation •