CVE-2020-15301

Publication date

2020-11-18 21:00:24

Family

mitre

State

PUBLISHED

Description

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.