CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3627 – Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
https://notcve.org/view.php?id=CVE-2023-3627
11 Jul 2023 — Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. • https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-1034 – Path Traversal: '\..\filename' in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-1034
25 Feb 2023 — Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. • https://github.com/salesagility/suitecrm/commit/c19f221a41706efc8d73cef95c5e362c4f86bf06 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 8.8EPSS: 44%CPEs: 2EXPL: 2CVE-2022-23940
https://notcve.org/view.php?id=CVE-2022-23940
07 Mar 2022 — SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project depend... • https://github.com/manuelz120/CVE-2022-23940 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0754 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0754
07 Mar 2022 — SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. Inyección SQL en el repositorio GitHub salesagility/suitecrm anterior a la versión 7.12.5 • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0755 – Missing Authorization in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0755
07 Mar 2022 — Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Un Control de Acceso Inapropiado en el repositorio de GitHub salesagility/suitecrm versiones anteriores a 7.12.5 • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0756 – Missing Authorization in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2022-0756
07 Mar 2022 — Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Una Autorización Inapropiada en el repositorio de GitHub salesagility/suitecrm versiones anteriores a 7.12.5 • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 3%CPEs: 6EXPL: 0CVE-2021-45899
https://notcve.org/view.php?id=CVE-2021-45899
28 Jan 2022 — SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. SuiteCRM versiones anteriores a 7.12.3 y 8.x versiones anteriores a 8.0.2, permite una deserialización de PHAR que puede conllevar a una ejecución de código remota • https://docs.suitecrm.com/8.x/admin/releases/8.0 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-45898
https://notcve.org/view.php?id=CVE-2021-45898
28 Jan 2022 — SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. SuiteCRM versiones anteriores a 7.12.3 y 8.x versiones anteriores a 8.0.2, permite una inclusión de archivos locales • https://docs.suitecrm.com/8.x/admin/releases/8.0 •
CVSS: 8.8EPSS: 24%CPEs: 6EXPL: 1CVE-2021-45897
https://notcve.org/view.php?id=CVE-2021-45897
28 Jan 2022 — SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. SuiteCRM versiones anteriores a 7.12.3 y 8.x versiones anteriores a 8.0.2, permite una ejecución de código remota • https://github.com/manuelz120/CVE-2021-45897 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45903
https://notcve.org/view.php?id=CVE-2021-45903
28 Dec 2021 — A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. Un problema persistente de tipo cross-site scripting (XSS en la interfaz web de SuiteCRM versiones anteriores a 7.10.35, y en versiones 7.11.x y 7.12.x anteriores a 7.12.2, permite a un atacante remoto introducir JavaScript arbitra... • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •