Page 7 of 42 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. • https://github.com/salesagility/suitecrm-core/commit/78285702d76317f081b1fbc59cb2754e93b9a4c3 https://huntr.dev/bounties/558b3dce-db03-47ba-b60b-c6eb578e04f1 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. • https://github.com/salesagility/suitecrm/commit/c19f221a41706efc8d73cef95c5e362c4f86bf06 https://huntr.dev/bounties/0c1365bc-8d9a-4ae0-8b55-615d492b3730 • CWE-29: Path Traversal: '\..\filename' •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. • https://github.com/manuelz120/CVE-2022-23940 https://docs.suitecrm.com/8.x/admin/releases/8.0 https://github.com/manuelz120 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. Inyección SQL en el repositorio GitHub salesagility/suitecrm anterior a la versión 7.12.5 • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 https://huntr.dev/bounties/8afb7991-c6ed-42d9-bd9b-1cc83418df88 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Una Autorización Inapropiada en el repositorio de GitHub salesagility/suitecrm versiones anteriores a 7.12.5 • https://github.com/salesagility/suitecrm/commit/e93b269f637de313f45b32c58cef5ec012a34f58 https://huntr.dev/bounties/55164a63-62e4-4fb6-b4ca-87eca14f6f31 • CWE-862: Missing Authorization •