Salesagility

Suite CRM

103 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-54784

  • EPSS 0.03%
  • Veröffentlicht 07.08.2025 00:07:07
  • Zuletzt bearbeitet 12.08.2025 20:55:36

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a pre...

6.1

CVE-2025-54783

  • EPSS 0.03%
  • Veröffentlicht 07.08.2025 00:05:11
  • Zuletzt bearbeitet 12.08.2025 20:56:37

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript...

8.8

CVE-2025-54788

  • EPSS 0.07%
  • Veröffentlicht 06.08.2025 23:48:55
  • Zuletzt bearbeitet 14.08.2025 20:12:35

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This...

5.3

CVE-2025-54786

  • EPSS 0.05%
  • Veröffentlicht 06.08.2025 23:23:00
  • Zuletzt bearbeitet 14.08.2025 20:14:38

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthentic...

8.8

CVE-2025-54785

  • EPSS 0.13%
  • Veröffentlicht 06.08.2025 23:15:16
  • Zuletzt bearbeitet 13.08.2025 18:12:57

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead ...

8.8

CVE-2022-45185

Exploit
  • EPSS 0.27%
  • Veröffentlicht 07.01.2025 20:15:28
  • Zuletzt bearbeitet 15.04.2025 18:38:13

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

8.1

CVE-2022-45186

Exploit
  • EPSS 0.13%
  • Veröffentlicht 07.01.2025 20:15:28
  • Zuletzt bearbeitet 15.04.2025 18:33:57

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.

5.4

CVE-2024-50335

  • EPSS 0.59%
  • Veröffentlicht 05.11.2024 19:15:07
  • Zuletzt bearbeitet 08.11.2024 15:09:07

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject ma...

6.5

CVE-2024-49773

  • EPSS 0.11%
  • Veröffentlicht 05.11.2024 19:15:06
  • Zuletzt bearbeitet 13.11.2024 20:29:11

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_...

7.2

CVE-2024-49774

  • EPSS 0.03%
  • Veröffentlicht 05.11.2024 19:15:06
  • Zuletzt bearbeitet 13.11.2024 20:40:26

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some synta...