CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-wg74-772c-8gr7 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 8.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-ph2c-hvvf-r273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 37% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-xjx2-38hv-5hh8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-9rvr-mcrf-p4p7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-2g8f-gjrr-x5cg • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-6p2f-wwx9-952r • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jun 2024 — SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for an open redirect. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')