Salesagility Suitecrm-Core vulnerabilities
2 known vulnerabilities affecting salesagility/suitecrm-core.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2023-47643 | P1 | MEDIUM | CVSS 5.3 | CWE-200 | Exploited | PoC | fixed in 8.4.2 | 2023-11-21
SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields
nvd
CVE-2024-36419 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 8.6.1 | 2024-06-10
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue.
nvd