Salesagility ≫ Suite CRM

SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.

SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation.

SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS.

SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files.

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).

SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).

SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a ma...

SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.