An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
{ "cpes": [ "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*" ], "severity": "High" }