Page 4 of 84 results (0.044 seconds)

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. SuiteCRM es una aplicación de software de gestión de relaciones con el cliente (CRM) de código abierto. En versiones anteriores a 7.14.4 y 8.6.1, una validación de entrada deficiente permite la inyección de SQL en el controlador de recuento de mensajes EmailUIAjax. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. SuiteCRM es una aplicación de software de gestión de relaciones con el cliente (CRM) de código abierto. En versiones anteriores a 7.14.4 y 8.6.1, una validación de entrada deficiente permite la inyección SQL en el punto de entrada de datos del Tree. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. SuiteCRM es una aplicación de software de gestión de relaciones con el cliente (CRM) de código abierto. En versiones anteriores a 7.14.4 y 8.6.1, una validación de entrada deficiente permite la inyección de SQL en el controlador "Alertas". • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-2g8f-gjrr-x5cg • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-6p2f-wwx9-952r • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •