CVE-2020-15301

2020-11-1821:15:11

Google

osv.dev

suitecrm

7.11.13

csv injection

registration fields

mishandling

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

27.2%

JSON

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

References

www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-010