Page 12 of 71 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 1 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. SuiteCRM versiones hasta 7.11.10, permite una inyección SQL por medio de la API SOAP, la interfaz EmailUIAjax o el módulo MailMerge. SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities. • http://packetstormsecurity.com/files/156331/SuiteCRM-7.11.10-SQL-Injection.html http://seclists.org/fulldisclosure/2020/Feb/7 https://suitecrm.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. SuiteCRM versiones hasta 7.11.11, permite un Salto de Directorio para incluir archivos arbitrarios .php dentro de la root web por medio de la función add_to_prospect_list. SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks. • http://packetstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html http://seclists.org/fulldisclosure/2020/Feb/6 https://suitecrm.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. SuiteCRM versiones hasta 7.11.11, presenta un Control de Acceso Incorrecto por medio de una Manipulación de Bean de action_saveHTMLField. SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability. • http://packetstormsecurity.com/files/156327/SuiteCRM-7.11.11-Bean-Manipulation.html http://seclists.org/fulldisclosure/2020/Feb/5 https://suitecrm.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

SuiteCRM through 7.11.11 allows PHAR Deserialization. SuiteCRM versiones hasta 7.11.11, permite una deserialización de PHAR. SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities. • http://packetstormsecurity.com/files/156324/SuiteCRM-7.11.11-Phar-Deserialization.html http://seclists.org/fulldisclosure/2020/Feb/4 https://suitecrm.com • CWE-502: Deserialization of Untrusted Data •