suitecrm · threatengine.sh

Home/Product/salesagility suitecrm

Product

salesagility suitecrm

124 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action th

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injec

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3,

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and inclu

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3,

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code E

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1

>= 8.6.0 and < 8.9.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 throug

>= 8.0.0 and < 8.9.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and belo

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prio

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prio

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and b

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter with

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within t

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScrip

>= 8.6.0 and < 8.8.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability

>= 7.14.0 and < 7.14.7

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Sc

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and belo

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, t

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserializa

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not valida

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the b

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.1

SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access c

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vuln

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unv

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a depr

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vuln

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vuln

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vuln

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vuln

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poo

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poo

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poo

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poo

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a u

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unc

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.

Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the applic

SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enable

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.

>= 8.0.0 and < 8.0.3

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.

SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Repor

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.

>= 7.10.0 and < 7.10.35

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PH

A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, invo

SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances invol

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbit

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbit

>= 7.10.0 and < 7.10.33

SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.

>= 7.1.7 and < 7.10.32

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset

>= 7.10.29 and < 7.10.32

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnera

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitr

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitr

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules.

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumsta

>= 7.10.0 and < 7.10.21

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials.

>= 7.10.0 and < 7.10.21

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.

>= 7.10.0 and < 7.10.23

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.

>= 7.10.0 and < 7.10.23

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).

>= 7.10.0 and < 7.10.23

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).

>= 7.10.0 and < 7.10.23

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).

>= 7.10.0 and < 7.10.23

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).

SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module.

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.

SuiteCRM through 7.11.11 allows PHAR Deserialization.

SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.

>= 7.10.0 and < 7.10.21

SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.

>= 7.10.0 and < 7.10.20

SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.

>= 7.10.0 and < 7.10.19

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.

>= 7.10.0 and < 7.10.20

SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.

>= 7.10.0 and < 7.10.20

SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.

>= 7.8.0 and <= 7.8.5

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).

>= 7.8.0 and <= 7.8.5

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).

>= 7.10.0 and < 7.10.17

SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.

>= 7.8.0 and <= 7.8.5

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).

>= 7.0.0 and < 7.8.24

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to c

SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.

>= 7.0.0 and < 7.8.21

An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error mess

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists becaus

SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin