CVE-2020-15301
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/11/2020
Last modified:
02/12/2020
Description
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* | 7.11.13 (including) |
To consult the complete list of CPE names with products and versions, see this page