CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. SuiteCRM versions 7.11.11 and below suffer from a second-order PHP object injection vulnerability. • http://packetstormsecurity.com/files/156321/SuiteCRM-7.11.11-Second-Order-PHP-Object-Injection.html https://seclists.org/fulldisclosure/2020/Feb/3 https://suitecrm.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. • https://docs.suitecrm.com/admin/releases/7.10.x https://docs.suitecrm.com/admin/releases/7.11.x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

SalesAgility SuiteCRM 7.10.x through 7.10.19 and 7.11.x before 7.11.7 has SSRF. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_7 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')