CVE-2020-15301

HIGH

SuiteCRM <7.11.13 - Code Injection

Title source: llm

Description

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.

References (1)

[Third Party Advisory] https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-010

Scores

CVSS v3 7.8

EPSS 0.0027

EPSS Percentile 50.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

salesagility/suitecrm < 7.11.13

Published Nov 18, 2020

Tracked Since Feb 18, 2026