CVE-2020-15301
HIGHSuiteCRM < 7.11.13 - CSV Injection via Registration Fields in Import Template
Title source: llmDescription
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-010
Scores
CVSS v3
7.8
EPSS
0.0078
EPSS Percentile
51.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-1236
Status
published
Products (1)
salesagility/suitecrm
< 7.11.13
Published
Nov 18, 2020
Tracked Since
Feb 18, 2026