CVE-2023-6125 – Code Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6125
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Inyección de código en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.2, 7.12.14, 8.4.2. • https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 https://huntr.com/bounties/a9462f1e-9746-4380-8228-533ff2f64691 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-6124 – Server-Side Request Forgery (SSRF) in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6124
Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. Server-Side Request Forgery (SSRF) en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.2, 8.4.2, 7.12.14. • https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 https://huntr.com/bounties/aed4d8f3-ab9a-42fd-afea-b3ec288a148e • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-5353 – Improper Access Control in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5353
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. Control de acceso inadecuado en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa https://huntr.dev/bounties/3b3bb4f1-1aea-4134-99eb-157f245fa752 • CWE-284: Improper Access Control •
CVE-2023-5351 – Cross-site Scripting (XSS) - Stored in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5351
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub salesagility/suitecrm antes de 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa https://huntr.dev/bounties/f7c7fcbc-5421-4a29-9385-346a1caa485b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-5350 – SQL Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-5350
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Inyección SQL en el repositorio de GitHub salesagility/suitecrm anterior a 7.14.1. • https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa https://huntr.dev/bounties/c56563cb-b74e-4174-a09a-cd07689d6736 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •