Hi all,
I’m in the process of deploying SuiteCRM 7.10.4.
As part of the installation I’ve ran a routine security testing using OpenVAS which has flagged a number of vulnerabilities; as they pertain to SugarCRM I just wanted to confirm whether or not they also apply to SuiteCRM…
sugarcrm-sa-2017-004
sugarcrm-sa-2017-005
These relate to…
-
Authenticated users may cause arbitrary code to be executed.
-
Custom code may execute an eval through a deprecated function.
In addition there’s a warning for a CVE-2018-6308 - SQL injection.
I couldn’t see in the release notes acknowledgement or these issues and whether they were fixed.
Could somebody please confirm
Thanks
Urbanite