CVE-2021-41596

MEDIUM

SuiteCRM < 7.10.33 and 7.11.22 - Path Traversal and Information Disclosure via RefreshMapping Import

Title source: llm

Description

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

References (5)

Core 5

Core References

Vendor Advisory x_refsource_misc

https://suitecrm.com

Product, Third Party Advisory x_refsource_misc

https://github.com/salesagility/SuiteCRM

Release Notes, Vendor Advisory x_refsource_confirm

https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33

Release Notes, Vendor Advisory x_refsource_confirm

https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22

Third Party Advisory x_refsource_misc

https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0177

EPSS Percentile 75.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

salesagility/suitecrm < 7.10.33

Published Oct 04, 2021

Tracked Since Feb 18, 2026