Salesagility

Suite CRM

103 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2024-36417

  • EPSS 0.79%
  • Veröffentlicht 10.06.2024 20:15:14
  • Zuletzt bearbeitet 21.11.2024 09:22:08

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8...

8.8

CVE-2024-36411

  • EPSS 0.24%
  • Veröffentlicht 10.06.2024 20:15:13
  • Zuletzt bearbeitet 21.11.2024 09:22:07

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a f...

9.8

CVE-2024-36412

  • EPSS 93.64%
  • Veröffentlicht 10.06.2024 20:15:13
  • Zuletzt bearbeitet 21.11.2024 09:22:07

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for ...

8.8

CVE-2024-36409

  • EPSS 0.24%
  • Veröffentlicht 10.06.2024 18:15:35
  • Zuletzt bearbeitet 21.11.2024 09:22:07

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this i...

8.8

CVE-2024-36410

  • EPSS 0.07%
  • Veröffentlicht 10.06.2024 18:15:35
  • Zuletzt bearbeitet 21.11.2024 09:22:07

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain ...

6.5

CVE-2024-36407

  • EPSS 0.21%
  • Veröffentlicht 10.06.2024 17:16:32
  • Zuletzt bearbeitet 21.11.2024 09:22:06

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But th...

8.8

CVE-2024-36408

  • EPSS 0.24%
  • Veröffentlicht 10.06.2024 17:16:32
  • Zuletzt bearbeitet 21.11.2024 09:22:07

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4

CVE-2024-36406

  • EPSS 0.21%
  • Veröffentlicht 10.06.2024 15:15:52
  • Zuletzt bearbeitet 12.08.2025 20:20:47

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

8.8

CVE-2024-1644

Exploit
  • EPSS 0.24%
  • Veröffentlicht 20.02.2024 00:15:14
  • Zuletzt bearbeitet 31.12.2024 14:30:42

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.

5

CVE-2023-6388

Exploit
  • EPSS 0.05%
  • Veröffentlicht 07.02.2024 03:15:49
  • Zuletzt bearbeitet 29.09.2025 18:15:29

Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.