CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8787
https://notcve.org/view.php?id=CVE-2020-8787
16 Mar 2020 — SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permite que sea enviado un ID de Bean no válido. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8783
https://notcve.org/view.php?id=CVE-2020-8783
16 Mar 2020 — SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). SuiteCRM versiones 7.10.x anteriores a 7.10.23 y versiones 7.11.x anteriores a 7.11.11, permiten una Inyección SQL (problema 1 de 4). • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8800 – SuiteCRM 7.11.11 Second-Order PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-8800
13 Feb 2020 — SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. SuiteCRM versiones hasta 7.11.11, permite una Inyección de objeto PHP de la función EmailsControllerActionGetFromFields. SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability. • https://packetstorm.news/files/id/156321 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8801 – SuiteCRM 7.11.11 Phar Deserialization
https://notcve.org/view.php?id=CVE-2020-8801
13 Feb 2020 — SuiteCRM through 7.11.11 allows PHAR Deserialization. SuiteCRM versiones hasta 7.11.11, permite una deserialización de PHAR. SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities. • https://packetstorm.news/files/id/156324 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-8802 – SuiteCRM 7.11.11 Bean Manipulation
https://notcve.org/view.php?id=CVE-2020-8802
13 Feb 2020 — SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. SuiteCRM versiones hasta 7.11.11, presenta un Control de Acceso Incorrecto por medio de una Manipulación de Bean de action_saveHTMLField. SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability. • https://packetstorm.news/files/id/156327 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-8803 – SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
https://notcve.org/view.php?id=CVE-2020-8803
13 Feb 2020 — SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. SuiteCRM versiones hasta 7.11.11, permite un Salto de Directorio para incluir archivos arbitrarios .php dentro de la root web por medio de la función add_to_prospect_list. SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks. • https://packetstorm.news/files/id/156329 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2020-8804 – SuiteCRM 7.11.10 SQL Injection
https://notcve.org/view.php?id=CVE-2020-8804
13 Feb 2020 — SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. SuiteCRM versiones hasta 7.11.10, permite una inyección SQL por medio de la API SOAP, la interfaz EmailUIAjax o el módulo MailMerge. SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/156331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18784
https://notcve.org/view.php?id=CVE-2019-18784
06 Nov 2019 — SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. SuiteCRM versiones 7.10.x anteriores a 7.10.21 y versiones 7.11.x anteriores a 7.11.9, permiten una inyección SQL. • https://docs.suitecrm.com/admin/releases/7.10.x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14454
https://notcve.org/view.php?id=CVE-2019-14454
02 Oct 2019 — SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. SuiteCRM versiones 7.11.x y versiones 7.10.x anteriores a 7.11.8 y 7.10.20, es vulnerable a la escalada de privilegios verticales. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13335
https://notcve.org/view.php?id=CVE-2019-13335
02 Oct 2019 — SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. SalesAgility SuiteCRM versiones 7.10.x hasta 7.10.19 y versiones 7.11.x anteriores a 7.11.7, presenta una vulnerabilidad de tipo SSRF. • https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_20 • CWE-918: Server-Side Request Forgery (SSRF) •