cvebase

Salesagility Suitecrm vulnerabilities

105 known vulnerabilities affecting salesagility/suitecrm.

Total CVEs: 105
CISA KEV: 0
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 21, HIGH 43, MEDIUM 40, LOW 1

Vulnerabilities

Page 2 of 6
CVE-2020-8784 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.10.0, < 7.10.23; ≥ 7.11.0, < 7.11.11 | 2020-03-16
[CRITICAL] CWE-89: SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
Source: nvd
CVE-2020-8783 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.10.0, < 7.10.23; ≥ 7.11.0, < 7.11.11 | 2020-03-16
[CRITICAL] CWE-89: SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
Source: nvd
CVE-2020-8785 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.10.0, < 7.10.23; ≥ 7.11.0, < 7.11.11 | 2020-03-16
[CRITICAL] CWE-89: SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
Source: nvd
CVE-2020-8786 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.10.0, < 7.10.23; ≥ 7.11.0, < 7.11.11 | 2020-03-16
[CRITICAL] CWE-89: SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).
Source: nvd
CVE-2021-45041 | P3 | HIGH | CVSS 8.8 | fixed in 7.12.2; v8.0 (+1 more) | 2021-12-19
[HIGH] CWE-89: SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
Source: nvd
CVE-2020-8802 | P3 | CRITICAL | CVSS 9.8 | ≤ 7.11.11 | 2020-02-13
[CRITICAL] CWE-89: SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
Source: nvd
CVE-2019-12599 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.10.0, < 7.10.17; ≥ 7.11.0, < 7.11.5 | 2019-06-07
[CRITICAL] CWE-89: SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
Source: nvd
CVE-2020-8800 | P3 | HIGH | CVSS 8.8 | ≤ 7.11.11 | 2020-02-13
[HIGH] CWE-74: SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
Source: nvd
CVE-2019-12598 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.8.0, ≤ 7.8.5; ≥ 7.8.6, ≤ 7.8.11 (+3 more) | 2019-06-07
[CRITICAL] CWE-89: SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
Source: nvd
CVE-2019-12601 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.8.0, ≤ 7.8.5; ≥ 7.8.6, ≤ 7.8.11 (+3 more) | 2019-06-07
[CRITICAL] CWE-89: SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).
Source: nvd
CVE-2019-12600 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.8.0, ≤ 7.8.5; ≥ 7.8.6, ≤ 7.8.11 (+3 more) | 2019-06-07
[CRITICAL] CWE-89: SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
Source: nvd
CVE-2022-45185 | P3 | HIGH | CVSS 8.8 | v7.12.7 | 2025-01-07
[HIGH] CWE-502: An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
Source: nvd
CVE-2024-36408 | P3 | HIGH | CVSS 8.8 | fixed in 7.14.4; ≥ 8.0.0, < 8.6.1 (+1 more) | 2024-06-10
[HIGH] CWE-89: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Source: nvd
CVE-2024-49772 | P3 | HIGH | CVSS 8.8 | fixed in 7.14.6; ≥ 8.0.0, < 8.7.1 (+1 more) | 2024-11-05
[HIGH] CWE-89: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advise
Source: nvd
CVE-2024-50333 | P3 | HIGH | CVSS 8.8 | fixed in 7.14.6; ≥ 8.0.0, < 8.7.1 (+1 more) | 2024-11-05
[HIGH] CWE-20: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in v
Source: nvd
CVE-2021-41869 | P3 | HIGH | CVSS 8.8 | ≥ 7.10.0, < 7.10.33; ≥ 7.11.0, < 7.11.22 | 2021-10-04
[HIGH] SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
Source: nvd
CVE-2015-5947 | P3 | HIGH | CVSS 8.1 | ≤ 7.2.2 | 2017-09-06
[HIGH] CWE-362: SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
Source: nvd
CVE-2024-36411 | P3 | HIGH | CVSS 8.8 | fixed in 7.14.4; ≥ 8.0.0, < 8.6.1 (+1 more) | 2024-06-10
[HIGH] CWE-89: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Source: nvd
CVE-2024-36410 | P3 | HIGH | CVSS 8.8 | fixed in 7.14.4; ≥ 8.0.0, < 8.6.1 (+1 more) | 2024-06-10
[HIGH] CWE-89: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Source: nvd
CVE-2025-64490 | P3 | HIGH | CVSS 8.3 | fixed in 7.14.8; ≥ 8.0.0, < 8.9.1 | 2025-11-08
[HIGH] CWE-863: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even when the related modules (Projects, Project Tasks, Task
Source: nvd