CVE-2021-41597
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-41597
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41597.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-41597
- Aliases
- Published
- 2022-01-12T20:15:08Z
- Modified
- 2025-07-29T10:09:02.054951Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
- References
Affected packages
Git / github.com/salesagility/suitecrm
Affected versions
7.*
7.9.15
v7.*
v7.10.0
v7.10.1
v7.10.10
v7.10.11
v7.10.12
v7.10.13
v7.10.14
v7.10.15
v7.10.16
v7.10.17
v7.10.18
v7.10.19
v7.10.2
v7.10.20
v7.10.21
v7.10.22
v7.10.23
v7.10.26
v7.10.27
v7.10.28
v7.10.29
v7.10.3
v7.10.30
v7.10.31
v7.10.32
v7.10.33
v7.10.34
v7.10.4
v7.10.5
v7.10.6
v7.10.7
v7.10.8
v7.10.9
v7.8.12
v7.8.14
v7.8.15
v7.8.16
v7.8.17
v7.8.18
v7.8.19
v7.8.20
v7.9.16
v7.9.17