SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospect_list.
{ "cpes": [ "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*" ], "severity": "Critical" }