Description
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
Related CPEs
a
salesagility
suitecrm
2
References
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33
Release Notes, Vendor Advisory
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22
Release Notes, Vendor Advisory
https://github.com/ach-ing/cves/blob/main/CVE-2021-41595.md
Third Party Advisory
https://github.com/salesagility/SuiteCRM
Product, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 · Medium
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-04T17:15:08.777
3 years ago
Last modified
2021-10-12T20:11:39.517
3 years ago