Security Research & Advisories

Open Redirect Vulnerability in SuiteCRM

Vendor:
Product: SuiteCRM
Affected Version(s): 7.11.13 and probably prior
Tested Version(s): 7.11.13
Vendor Notification: June 10, 2020
Advisory Publication: June 10, 2020 [without technical details]
Vendor Fix: N/A
Public Disclosure: N/A
Latest Modification: June 10, 2020
CVE Identifier(s): CVE-2020-15300
Product Description: SuiteCRM is a software fork of the popular Customer Relationship Management (CRM) system SugarCRM, developed and maintained by SalesAgility. It is a free and open source alternative application
Credits: Luis Noriega, Security Researcher & Penetration Tester @wizlynx group

Vulnerability Details

Open Redirect Vulnerability
Severity: Medium
CVSS Score: 6.1
CWE-ID: CWE-601
Status: Not Fixed
Vulnerability Description
SuiteCRM version 7.11.13, and probably prior versions, is affected by an open redirect vulnerability. It allows attackers to redirect users to an arbitrary URL after they view the content of a specially crafted SVG (Scalable Vector Graphics) file.
CVSS Base Score
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Description

Full details about the vulnerability will be disclosed once the vendor has provided a patch.
