Main Vulnerability Database SB2020032021

SB2020032021 - Input validation error in SalesAgility SuiteCRM

Published: March 20, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020032021

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-18782)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism.

Install update from vendor's website.