I’m in the process of deploying SuiteCRM 7.10.4.
As part of the installation I’ve run routine security testing using OpenVAS, which has flagged a number of vulnerabilities; as they pertain to SugarCRM I just wanted to confirm whether or not they also apply to SuiteCRM…
These relate to…
Authenticated users may cause arbitrary code to be executed.
Custom code may execute an eval through a deprecated function.
In addition, there’s a warning for CVE-2018-6308 - SQL injection.
I couldn’t see in the release notes any acknowledgement of these issues or whether they were fixed.
Could somebody please confirm?