CVE-2020-8803

CVE-2020-8803

EPSS 3.3%

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html http://seclists.org/fulldisclosure/2020/Feb/6 https://suitecrm.com