Vulnerabilities query

Hi all,

I’m in the process of deploying SuiteCRM 7.10.4.

As part of the installation I’ve ran a routine security testing using OpenVAS which has flagged a number of vulnerabilities; as they pertain to SugarCRM I just wanted to confirm whether or not they also apply to SuiteCRM…


These relate to…

  • Authenticated users may cause arbitrary code to be executed.

  • Custom code may execute an eval through a deprecated function.

In addition there’s a warning for a CVE-2018-6308 - SQL injection.

I couldn’t see in the release notes acknowledgement or these issues and whether they were fixed.

Could somebody please confirm



Good Morning!

Regards to specific SugarCRM issues that were released in 6.5.26, these were addressed differently into the SuiteCRM project prior to their release and hence why we don’t link them up directly with our Release Notes.

Regards to other security issues these are currently being addressed and should be in releases soon. If you wish to discuss further with other Security fixes/queries please feel free to contact our Security team on

Thanks Samus; I’ll clarify this with security!