CVE-2020-15301

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/11/2020
Last modified:
02/12/2020

Description

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* 7.11.13 (including)