CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8802 – SuiteCRM 7.11.11 Bean Manipulation
https://notcve.org/view.php?id=CVE-2020-8802
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. SuiteCRM versiones hasta 7.11.11, presenta un Control de Acceso Incorrecto por medio de una Manipulación de Bean de action_saveHTMLField. SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability. • http://packetstormsecurity.com/files/156327/SuiteCRM-7.11.11-Bean-Manipulation.html http://seclists.org/fulldisclosure/2020/Feb/5 https://suitecrm.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8801 – SuiteCRM 7.11.11 Phar Deserialization
https://notcve.org/view.php?id=CVE-2020-8801
SuiteCRM through 7.11.11 allows PHAR Deserialization. SuiteCRM versiones hasta 7.11.11, permite una deserialización de PHAR. SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities. • http://packetstormsecurity.com/files/156324/SuiteCRM-7.11.11-Phar-Deserialization.html http://seclists.org/fulldisclosure/2020/Feb/4 https://suitecrm.com • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8800 – SuiteCRM 7.11.11 Second-Order PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-8800
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. SuiteCRM versiones hasta 7.11.11, permite una Inyección de objeto PHP de la función EmailsControllerActionGetFromFields. SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability. • http://packetstormsecurity.com/files/156321/SuiteCRM-7.11.11-Second-Order-PHP-Object-Injection.html https://seclists.org/fulldisclosure/2020/Feb/3 https://suitecrm.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18784
https://notcve.org/view.php?id=CVE-2019-18784
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. SuiteCRM versiones 7.10.x anteriores a 7.10.21 y versiones 7.11.x anteriores a 7.11.9, permiten una inyección SQL. • https://docs.suitecrm.com/admin/releases/7.10.x https://docs.suitecrm.com/admin/releases/7.11.x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14454
https://notcve.org/view.php?id=CVE-2019-14454
SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. SuiteCRM versiones 7.11.x y versiones 7.10.x anteriores a 7.11.8 y 7.10.20, es vulnerable a la escalada de privilegios verticales. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8 •