Page 13 of 82 results (0.018 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 4 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permite que sea enviado un ID de Bean no válido. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 1 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. SuiteCRM versiones hasta 7.11.10, permite una inyección SQL por medio de la API SOAP, la interfaz EmailUIAjax o el módulo MailMerge. SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities. • http://packetstormsecurity.com/files/156331/SuiteCRM-7.11.10-SQL-Injection.html http://seclists.org/fulldisclosure/2020/Feb/7 https://suitecrm.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. SuiteCRM versiones hasta 7.11.11, permite un Salto de Directorio para incluir archivos arbitrarios .php dentro de la root web por medio de la función add_to_prospect_list. SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks. • http://packetstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html http://seclists.org/fulldisclosure/2020/Feb/6 https://suitecrm.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •