China National Vulnerability Database (cnvd): CNVD-2022-05432
History: Jan 16, 2022 - 12:00 a.m.

SuiteCRM Cross-Site Request Forgery Vulnerability

2022-01-16 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
suitecrm
cross-site request forgery
vulnerability
zip archive
php files
remote code execution
upgradewizard
lack of token validation
security issue

EPSS: 0.007

Percentile: 80.5%

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM versions prior to 7.11.21 have a cross-site request forgery (CSRF) vulnerability, which stems from the software's lack of CSRF token validation. If the ZIP archive file contains PHP files, remote code can be executed via the UpgradeWizard function. No detailed vulnerability information is currently available.
