BIT-suitecrm-2024-36415

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/suitecrm/BIT-suitecrm-2024-36415.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-suitecrm-2024-36415

Aliases

CVE-2024-36415
GHSA-c82f-58jv-jfrh

Published

2024-06-12T07:37:24.210Z

Modified

2025-10-09T19:42:20.127635Z

Summary

SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

Details

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / suitecrm

Package

Name: suitecrm
Purl: pkg:bitnami/suitecrm

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.14.4

Introduced

8.0.0

Fixed

8.6.1