BIT-suitecrm-2024-36415

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/suitecrm/BIT-suitecrm-2024-36415.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-suitecrm-2024-36415
Aliases
Published
2024-06-12T07:37:24.210Z
Modified
2025-05-20T10:02:07.006Z
Summary
SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution
Details

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Database specific
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / suitecrm

Package

Name
suitecrm
Purl
pkg:bitnami/suitecrm

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.14.4
Introduced
8.0.0
Fixed
8.6.1