Code Injection in salesagility/suitecrm
CVE-2023-6131

7.2HIGH

Key Information:

Vendor
Salesagility
Status
Salesagility/suitecrm
Vendor
CVE Published:
14 November 2023

Summary

A code injection vulnerability has been identified in SuiteCRM, affecting multiple versions available before 7.14.2, 7.12.14, and 8.4.2. This flaw may allow an attacker to execute arbitrary code, potentially compromising the integrity and security of the application. Immediate updates to the latest versions are recommended to mitigate this risk. For detailed information, refer to the official repository and commit log.

Affected Version(s)

salesagility/suitecrm < 7.14.2, 7.12.14, 8.4.2

References

https://huntr.com/bounties/5fa50b25-f6b1-408c-99df-4442c8...
https://github.com/salesagility/suitecrm/commit/54bc56c3b...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-6131 : Code Injection in salesagility/suitecrm | SecurityVulnerability.io