
Salesagility Suitecrm vulnerabilities

105 known vulnerabilities affecting salesagility/suitecrm.

Total CVEs: 105
CISA KEV: 0
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 21, HIGH 43, MEDIUM 40, LOW 1

Vulnerabilities

Page 6 of 6
CVE-2022-0755 | P4 | MEDIUM | CVSS 4.3 | fixed in 7.12.5 | 2022-03-07
CVE-2022-0755 [MEDIUM] CWE-862: Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
Source: nvd

CVE-2024-45392 | P4 | MEDIUM | CVSS 4.3 | fixed in 7.14.5; ≥ 8.0.0, < 8.6.2 (+1 more) | 2024-09-05
CVE-2024-45392 [MEDIUM] CWE-284: SuiteCRM is an open-source customer relationship management (CRM) system. Prior to versions 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.
Source: nvd

CVE-2023-6124 | P4 | MEDIUM | CVSS 4.3 | fixed in 7.12.14; v7.14.0 (+3 more) | 2023-11-14
CVE-2023-6124 [MEDIUM] CWE-918: Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
Source: nvd

CVE-2023-3293 | P4 | MEDIUM | CVSS 4.8 | ≥ 8.0.0, < 8.0.3 | 2023-06-16
CVE-2023-3293 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
Source: nvd

CVE-2025-54787 | P4 | LOW | CVSS 3.7 | ≥ 8.6.0, < 8.8.1; v7.14.6 | 2025-08-07
CVE-2025-54787 [LOW] CWE-285: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he
Source: nvd