
salesagility — Vulnerabilities & Security Advisories (40)

Browse all 40 CVE security advisories affecting salesagility. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Salesagility develops SuiteCRM, an open-source customer relationship management platform widely used for managing sales pipelines and customer interactions. The software’s extensive feature set and reliance on PHP-based architecture have historically exposed it to common web application vulnerabilities. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation or improper access controls. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative rights. While the project benefits from an active community contributing to security patches, the sheer volume of disclosed issues highlights the challenges of maintaining complex, legacy codebases. Users must prioritize regular updates and strict configuration hardening to mitigate these risks, as the open-source nature relies heavily on timely community-driven remediation to ensure platform integrity and data protection.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-50335 | Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM | SuiteCRM | CWE-79 | 4.9 | Medium | 2024-11-05 |
| CVE-2024-50333 | RCE in ModuleBuilder in SuiteCRM | SuiteCRM | CWE-20 | 6.6 | Medium | 2024-11-05 |
| CVE-2024-50332 | Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM | SuiteCRM | CWE-89 | 8.8 | High | 2024-11-05 |
| CVE-2024-49774 | ModuleScanner flaws in SuiteCRM | SuiteCRM | CWE-20 | 7.2 | High | 2024-11-05 |
| CVE-2024-49773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM | SuiteCRM | CWE-89 | 5.3 | Medium | 2024-11-05 |
| CVE-2024-49772 | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM | SuiteCRM | CWE-89 | 8.8 | High | 2024-11-05 |
| CVE-2024-45392 | SuiteCRM has wrong deletion permission checks on API delete call | SuiteCRM | CWE-284 | 7.7 | High | 2024-09-05 |
| CVE-2024-36419 | SuiteCRM-Core Host Header Injection in /legacy | SuiteCRM-Core | CWE-601 | 4.3 | Medium | 2024-06-10 |
| CVE-2024-36418 | SuiteCRM authenticated RCE using connectors | SuiteCRM | CWE-22 | 8.6 | High | 2024-06-10 |
| CVE-2024-36416 | SuiteCRM v4 API Excessive log data DOS | SuiteCRM | CWE-779 | 8.6 | High | 2024-06-10 |
| CVE-2024-36417 | SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame | SuiteCRM | CWE-79 | 5.7 | Medium | 2024-06-10 |
| CVE-2024-36415 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution | SuiteCRM | CWE-98 | 9.1 | Critical | 2024-06-10 |
| CVE-2024-36414 | SuiteCRM authenticated Server-Side Request Forgery | SuiteCRM | CWE-918 | 7.7 | High | 2024-06-10 |
| CVE-2024-36413 | SuiteCRM authenticated Reflected Cross-Site Scripting | SuiteCRM | CWE-79 | 8.9 | High | 2024-06-10 |
| CVE-2024-36412 | SuiteCRM unauthenticated SQL Injection | SuiteCRM | CWE-89 | 10.0 | Critical | 2024-06-10 |
| CVE-2024-36411 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller | SuiteCRM | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36410 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller | SuiteCRM | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36409 | SuiteCRM authenticated SQL Injection in TreeData entrypoint | SuiteCRM | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36408 | SuiteCRM authenticated SQL Injection in Alerts | SuiteCRM | CWE-89 | 9.6 | Critical | 2024-06-10 |
| CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 | SuiteCRM | CWE-640 | 3.7 | Low | 2024-06-10 |
| CVE-2024-36406 | SuiteCRM vulnerable to open redirects | SuiteCRM | CWE-601 | 5.4 | Medium | 2024-06-10 |
| CVE-2023-47643 | SuiteCRM has Unauthenticated Graphql Introspection Enabled | SuiteCRM-Core | CWE-200 | 3.1 | Low | 2023-11-21 |
| CVE-2023-6131 | Code Injection in salesagility/suitecrm | salesagility/suitecrm | CWE-94 | 2.7 | - | 2023-11-14 |
| CVE-2023-6130 | Path Traversal: '\..\filename' in salesagility/suitecrm | salesagility/suitecrm | CWE-29 | 8.1 | - | 2023-11-14 |
| CVE-2023-6128 | Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm | salesagility/suitecrm | CWE-79 | 5.4 | - | 2023-11-14 |
| CVE-2023-6127 | Unrestricted Upload of File with Dangerous Type in salesagility/suitecrm | salesagility/suitecrm | CWE-434 | 8.8 | - | 2023-11-14 |
| CVE-2023-6126 | Code Injection in salesagility/suitecrm | salesagility/suitecrm | CWE-94 | 2.7 | - | 2023-11-14 |
| CVE-2023-6125 | Code Injection in salesagility/suitecrm | salesagility/suitecrm | CWE-94 | 2.7 | - | 2023-11-14 |
| CVE-2023-6124 | Server-Side Request Forgery (SSRF) in salesagility/suitecrm | salesagility/suitecrm | CWE-918 | 6.5 | - | 2023-11-14 |
| CVE-2023-5353 | Improper Access Control in salesagility/suitecrm | salesagility/suitecrm | CWE-284 | 5.4 | - | 2023-10-03 |

Severity is shown as "-" where the source entry did not record one.

This page lists every published CVE security advisory associated with salesagility. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.