CVE-2020-8803

Description

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list.

How to fix CVE-2020-8803

To remediate CVE-2020-8803, upgrade the affected package to a fixed version below.

• Bitnami/suitecrm—upgrade to 7.11.12 or later

Is CVE-2020-8803 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 7.11.12

CVSS scores

References (4)

• WEBpacketstormsecurity.com/files/156329/SuiteCRM-7.11.11-Broken-Access-Control-Local-File-Inclusion.html
• WEBseclists.org/fulldisclosure/2020/Feb/6
• WEBnvd.nist.gov/vuln/detail/CVE-2020-8803
• WEBsuitecrm.com