Local File Inclusion Vulnerability in SuiteCRM by SalesAgility
CVE-2021-45898

9.8CRITICAL

Key Information:

Vendor: Salesagility
Status: Suitecrm
Vendor: CVE Published:; 28 January 2022

Summary

SuiteCRM versions prior to 7.12.3 and 8.0.2 are susceptible to a local file inclusion vulnerability, which may allow an attacker to include files from the local server. This could potentially lead to exposure of sensitive information or other malicious actions. It is crucial for users to update their SuiteCRM installations to the latest versions to mitigate this risk.

References

https://docs.suitecrm.com/8.x/admin/releases/8.0/

x_refsource_MISC

https://docs.suitecrm.com/admin/releases/7.12.x/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2022
Vulnerability Reserved
Dec 27, 2021