SuiteCRM — Vulnerabilities & Security Advisories (51)

All 51 CVE vulnerabilities found in SuiteCRM, with AI-generated Chinese analysis, references, and POCs.

Vendor: salesagility

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-50333 | RCE in ModuleBuilder in SuiteCRM | CWE-20 | 6.6 | Medium | 2024-11-05 |
| CVE-2024-50332 | Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM | CWE-89 | 8.8 | High | 2024-11-05 |
| CVE-2024-49774 | ModuleScanner flaws in SuiteCRM | CWE-20 | 7.2 | High | 2024-11-05 |
| CVE-2024-49773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM | CWE-89 | 5.3 | Medium | 2024-11-05 |
| CVE-2024-49772 | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM | CWE-89 | 8.8 | High | 2024-11-05 |
| CVE-2024-45392 | SuiteCRM has wrong deletion permission checks on API delete call | CWE-284 | 7.7 | High | 2024-09-05 |
| CVE-2024-36418 | SuiteCRM authenticated RCE using connectors | CWE-22 | 8.6 | High | 2024-06-10 |
| CVE-2024-36416 | SuiteCRM v4 API Excessive log data DOS | CWE-779 | 8.6 | High | 2024-06-10 |
| CVE-2024-36417 | SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame | CWE-79 | 5.7 | Medium | 2024-06-10 |
| CVE-2024-36415 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution | CWE-98 | 9.1 | Critical | 2024-06-10 |
| CVE-2024-36414 | SuiteCRM authenticated Server-Side Request Forgery | CWE-918 | 7.7 | High | 2024-06-10 |
| CVE-2024-36413 | SuiteCRM authenticated Reflected Cross-Site Scripting | CWE-79 | 8.9 | High | 2024-06-10 |
| CVE-2024-36412 | SuiteCRM unauthenticated SQL Injection | CWE-89 | 10.0 | Critical | 2024-06-10 |
| CVE-2024-36411 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36410 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36409 | SuiteCRM authenticated SQL Injection in TreeData entrypoint | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36408 | SuiteCRM authenticated SQL Injection in Alerts | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 | CWE-640 | 3.7 | Low | 2024-06-10 |
| CVE-2024-36406 | SuiteCRM vulnerable to open redirects | CWE-601 | 5.4 | Medium | 2024-06-10 |
| CVE-2021-25960 | SuiteCRM - CSV Injection in Accounts Module | CWE-1236 | 8.0 | High | 2021-09-29 |
| CVE-2021-25961 | SuiteCRM - Account Takeover in Password Reset Functionality | CWE-640 | 8.0 | High | 2021-09-29 |

All 51 known CVE vulnerabilities affecting SuiteCRM with full Chinese analysis, references, and POCs where available.