Directory Traversal Information Disclosure in SuiteCRM

Directory Traversal Information Disclosure in SuiteCRM

CVE-2021-41596 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

Learn more about our Crm Penetration Testing.