SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41597.json"