Code Injection in salesagility/suitecrm
CVE-2023-6126

9.8CRITICAL

Key Information:

Vendor: salesagility
Status: salesagility/suitecrm
Vendor: CVE Published:; 14 November 2023

🔔 Create salesagility Vulnerability Alert

What is CVE-2023-6126?

A code injection vulnerability was identified in SuiteCRM, allowing attackers to execute arbitrary code on the affected systems. This vulnerability impacts SuiteCRM versions prior to 7.14.2, along with versions 7.12.14 and 8.4.2. If exploited, it can lead to unauthorized access and manipulation of sensitive data, posing a significant risk to any organization utilizing these versions. Users are strongly advised to update to the latest versions to mitigate potential security risks.

Affected Version(s)

salesagility/suitecrm < 7.14.2, 7.12.14, 8.4.2

References

https://huntr.com/bounties/e22a9be3-3273-42cb-bfcc-c67a10...

https://github.com/salesagility/suitecrm/commit/54bc56c3b...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Nov 14, 2023