
SuiteCRM — Vulnerabilities & Security Advisories (51)

All 51 CVE vulnerabilities found in SuiteCRM, with AI-generated Chinese analysis, references, and POCs.

Vendor: salesagility

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2019-25664 | SuiteCRM 7.10.7 SQL Injection via record Parameter | CWE-89 | 7.1 | High | 2026-04-05 |
| CVE-2019-25663 | SuiteCRM 7.10.7 SQL Injection via parentTab Parameter | CWE-89 | 7.1 | High | 2026-04-05 |
| CVE-2026-33289 | SuiteCRM has LDAP Filter Injection in Authentication Module | CWE-90 | 8.8 | High | 2026-03-19 |
| CVE-2026-33288 | SuiteCRM has Authenticated SQL Injection in Authentication Module | CWE-89 | 8.8 | High | 2026-03-19 |
| CVE-2026-29189 | SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints | CWE-639 | 8.1 | High | 2026-03-19 |
| CVE-2026-29107 | SuiteCRM vulnerable to authenticated SSRF via PDF export | CWE-918 | 5.0 | Medium | 2026-03-19 |
| CVE-2026-29106 | SuiteCRM has blind XSS in return_id parameter | CWE-79 | 5.9 | Medium | 2026-03-19 |
| CVE-2026-29105 | SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture | CWE-601 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-29104 | SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM | CWE-434 | 2.7 | Low | 2026-03-19 |
| CVE-2026-29103 | SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass | CWE-94 | 9.1 | Critical | 2026-03-19 |
| CVE-2026-29102 | SuiteCRM has Authenticated RCE in Modules | CWE-94 | 7.2 | High | 2026-03-19 |
| CVE-2026-29101 | SuiteCRM Vulnerable to Directory Traversal to DoS in Modules | CWE-23 | 4.9 | Medium | 2026-03-19 |
| CVE-2026-29100 | SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter | CWE-79 | 7.1 | High | 2026-03-19 |
| CVE-2026-29099 | SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality | CWE-89 | 8.8 | High | 2026-03-19 |
| CVE-2026-29098 | SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action | CWE-23 | 4.9 | Medium | 2026-03-19 |
| CVE-2026-29097 | SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet | CWE-918 | 6.5 | - | 2026-03-19 |
| CVE-2026-29096 | SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields | CWE-89 | 8.1 | High | 2026-03-19 |
| CVE-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page | CWE-79 | 6.1 | Medium | 2025-11-08 |
| CVE-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass | CWE-863 | 8.3 | High | 2025-11-08 |
| CVE-2025-64489 | SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass | CWE-269 | 8.3 | High | 2025-11-08 |
| CVE-2025-64488 | SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module | CWE-89 | 8.8 | - | 2025-11-07 |
| CVE-2022-50590 | SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality | CWE-843 | 7.5 | - | 2025-11-06 |
| CVE-2022-50589 | SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality | CWE-89 | 9.8 | - | 2025-11-06 |
| CVE-2025-41384 | Reflected Cross-Site Scripting (XSS) in SuiteCRM | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-54787 | SuiteCRM: Improper Authorization for attachment downloads | CWE-285 | 3.7 | Low | 2025-08-07 |
| CVE-2025-54784 | SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer | CWE-79 | 8.8 (AI) | High (AI) | 2025-08-07 |
| CVE-2025-54783 | SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-08-07 |
| CVE-2025-54788 | SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module | CWE-89 | 8.8 | High | 2025-08-06 |
| CVE-2025-54785 | SuiteCRM is Vulnerable to PHP Object Injection in Reports | CWE-20 | 8.8 | High | 2025-08-06 |
| CVE-2024-50335 | Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM | CWE-79 | 4.9 | Medium | 2024-11-05 |

Scores and severities marked (AI) carry the listing's AI badge; a "-" severity means none was listed.
