[CVEID]
CVE-2021-41596
[PRODUCT]
SuiteCRM
[VERSION]
before 7.10.33 and 7.11.22
[PROBLEM TYPE]
Directory Traversal
[DESCRIPTION]
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal.
An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
[TIMELINE]
- Reported to vendor 11.09.2021
- Acknowledged 13.09.2021
- Validated 23.09.2021
- Fixed 24.09.2021