CtrlK

SuiteCRM

Enumeration

wordlists/technologies/suitecrm-all-levels.txt at main · trickest/wordlistsGitHub

wordlists/technologies/suitecrm.txt at main · trickest/wordlistsGitHub

CVE-2024-36415 - RCE

What is a RCE after all? Just pieces of puzzle put together - RCE with bits and pieces (CVE-2024-36415)SECarius

CVE-2024-1644 - LFI to RCE

Suite CRM v7.14.2 - RCE via LFI | Advisories | Fluid Attacks

CVE-2024-36412 - Authent SQLi

Prior to versions 7.14.4 and 8.6.1

https://www.sonicwall.com/blog/critical-sql-injection-vulnerability-in-suitecrm-cve-2024-36412www.sonicwall.com

CVE-2024-36417 - Stored XSS - <= 7.14.3

Unverified IFrame can be added some inputs which could allow for a XSS attack

Stored XSS Vulnerability Allows Code Execution via Malicious iFrameGitHub

CVE-2022-23940 - RCE

Affected Versions: SuiteCRM (≤7.12.4) and SuiteCRM-Core (≤ 8.0.3)

CVE-2022–23940 — RCE in SuiteCRMMedium

GitHub - manuelz120/CVE-2022-23940: PoC for CVE-2022-23940GitHub

CVE-2021-42840 - RCE

SuiteCRM 7.11.18

SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)Exploit Database

CVE-2021-39268 - Stored XSS

[CVE-2021-39268] Stored XSS via SVG on SuiteCRM 7.11.18Thanhlocpanda

PreviousSquid Proxy NextSymfony

Last updated 4 months ago