exploitDog

CVE-2020-15301

Опубликовано: 18 нояб. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

Ссылки

https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-010
Third Party Advisory
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-010
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*

Версия до 7.11.13 (включая)

EPSS

Процентиль: 50%

0.00273

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-8hfg-c2jc-x92h

github

больше 3 лет назад

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

EPSS

Процентиль: 50%

0.00273

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236