CVE-2024-36415

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-98
View all →

Vulnerability Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Related Vulnerabilities

CVE-2022-4606

HIGH
CVSS:8.8(High)

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

CWE-982022

CVE-2023-24217

HIGH
CVSS:8.8(High)

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

CWE-982023

CVE-2023-49084

HIGH
CVSS:8.8(High)

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ...

CWE-982023

CVE-2024-10436

HIGH
CVSS:8.8(High)

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possib...

CWE-982024

CVE-2024-10873

HIGH
CVSS:8.8(High)

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible f...

CWE-982024

CVE-2024-10898

HIGH
CVSS:8.8(High)

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes ...

CWE-982024