QSearchQSearch

CVE-2021-41595

5.3 MEDIUM

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal

Published: 2021-10-04 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-22

Affected products

VendorProduct
salesagilitysuitecrm

Description

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-42840 SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting (8.8 HIGH)
  • CVE-2021-41596 SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal (5.3 MEDIUM)
  • CVE-2021-41869 SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation (8.8 HIGH)
  • CVE-2021-39268 Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary Jav... (6.1 MEDIUM)
  • CVE-2021-39267 Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary Jav... (6.1 MEDIUM)

Same CWE

  • CVE-2026-48777 FileBrowser Quantum is a free, self-hosted, web-based file manager
  • CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
  • CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
  • CVE-2026-49061 Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)
  • CVE-2026-40779 Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions (7.7 HIGH)