
CVE-2023-5350 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5350
03 Oct 2023 — SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-3627 – Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
https://notcve.org/view.php?id=CVE-2023-3627
11 Jul 2023 — Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. • https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-1034 – Path Traversal: '\..\filename' in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-1034
25 Feb 2023 — Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. • https://github.com/salesagility/suitecrm/commit/c19f221a41706efc8d73cef95c5e362c4f86bf06 • CWE-29: Path Traversal: '\..\filename'

CVE-2022-27474
https://notcve.org/view.php?id=CVE-2022-27474
15 Apr 2022 — SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. • https://github.com/Mount4in/Mount4in.github.io/blob/master/poc.py

CVE-2022-23940
https://notcve.org/view.php?id=CVE-2022-23940
07 Mar 2022 — SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project depend... • https://github.com/manuelz120/CVE-2022-23940 • CWE-502: Deserialization of Untrusted Data

CVE-2022-0754 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0754
07 Mar 2022 — SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-0755 – Missing Authorization in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0755
07 Mar 2022 — Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-862: Missing Authorization

CVE-2022-0756 – Missing Authorization in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0756
07 Mar 2022 — Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-862: Missing Authorization

CVE-2021-45899
https://notcve.org/view.php?id=CVE-2021-45899
28 Jan 2022 — SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. • https://docs.suitecrm.com/8.x/admin/releases/8.0 • CWE-502: Deserialization of Untrusted Data

CVE-2021-45898
https://notcve.org/view.php?id=CVE-2021-45898
28 Jan 2022 — SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. • https://docs.suitecrm.com/8.x/admin/releases/8.0