QSearchQSearch

CVE-2021-41596

5.3 MEDIUM

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal

Published: 2021-10-04 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-22

Affected products

VendorProduct
salesagilitysuitecrm

Description

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-42840 SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting (8.8 HIGH)
  • CVE-2021-41595 SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal (5.3 MEDIUM)
  • CVE-2021-41869 SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation (8.8 HIGH)
  • CVE-2021-39268 Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary Jav... (6.1 MEDIUM)
  • CVE-2021-39267 Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary Jav... (6.1 MEDIUM)

Same CWE

  • CVE-2026-48777 FileBrowser Quantum is a free, self-hosted, web-based file manager
  • CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
  • CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
  • CVE-2026-49061 Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)
  • CVE-2026-40779 Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions (7.7 HIGH)