Salesagility

Suite CRM

105 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.34%
  • Published 05.04.2026 20:45:18
  • Last modified 20.04.2026 18:11:18

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter ...

Exploit
  • EPSS 0.34%
  • Published 05.04.2026 20:45:17
  • Last modified 20.04.2026 18:11:50

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parent...

  • EPSS 0.29%
  • Published 08.11.2025 01:16:22
  • Last modified 25.11.2025 17:33:58

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API...

  • EPSS 0.3%
  • Published 08.11.2025 01:07:23
  • Last modified 25.11.2025 17:33:24

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer da...

  • EPSS 0.17%
  • Published 08.11.2025 00:45:07
  • Last modified 25.11.2025 17:33:02

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and below allow unauthenticated reflected Cross-Site Scripting (XSS). Successful exploitation could lead to full account takeove...

  • EPSS 0.23%
  • Published 08.11.2025 00:22:38
  • Last modified 25.11.2025 17:32:46

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through ...

  • EPSS 0.3%
  • Published 08.11.2025 00:15:44
  • Last modified 25.11.2025 17:31:42

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon ...

  • EPSS 0.38%
  • Published 07.11.2025 23:59:46
  • Last modified 25.11.2025 17:29:30

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0, an attacker can craft a malicious call_id that alters the logic of the...

  • EPSS 0.56%
  • Published 06.11.2025 20:15:36
  • Last modified 24.11.2025 19:07:23

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary co...

  • EPSS 0.32%
  • Published 06.11.2025 20:15:36
  • Last modified 24.11.2025 19:05:39

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database ob...