CRM

SuiteCRM/SuiteCRM

SuiteCRM - Open source CRM for the world

#crm#php#agplv3#accounts#contacts#workflow#reports#leads#quotes#opportunities#contracts#cases#portal#documents#multi-language-support#multi-currency#suitecrm

スコア

/ 100

Star

5,436

Fork

2,352

Open Issue

1,145

サイズ

144MB

言語

PHP ★

最終push

4 日前

Docker

—

採点内訳

過去CVE 20件 (やや多い)

✓

直近 push: 4 日前

✓

得意言語 (PHP)

✓

オープンissue 1145件

✓

大規模 (144MB)

—

Docker 未対応

—

1k–10k: 初心者ベスト (★5,436)

✓

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (20 件)

MEDIUMGHSA-7qrj-5hj6-7c2m CVE-2026-291062026/3/19
Blind XSS in return_id parameter
CRITICALGHSA-5jjq-9qch-9rg7 CVE-2026-291032026/3/19
Remote Code Execution via Module Loader Package Scanner Bypass
MEDIUMGHSA-9crg-83cg-wv74 CVE-2026-291052026/3/19
SuiteCRM Unauthenticated Open Redirect in Leads WebToLead Capture
LOWGHSA-5hx9-cmmx-26p3 CVE-2026-291042026/3/19
Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM
HIGHGHSA-mr5v-wcgr-98qr CVE-2026-291022026/3/19
Authenticated RCE in Modules
MEDIUMGHSA-24pf-9cvh-ppcg CVE-2026-291012026/3/19
Directory Traversal to DoS in Modules
HIGHGHSA-g7hf-3j93-rwm5 CVE-2026-291002026/3/19
Reflected HTML Injection in Login Page via default_user_name Parameter
HIGHGHSA-38rf-h37x-7767 CVE-2026-290992026/3/19
Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.
MEDIUMGHSA-6858-fhw5-56gf CVE-2026-290982026/3/19
Relative Path Traversal via ModuleBuilder Modules ExportCustom Action
HIGHGHSA-x3p2-qcqh-qx2m CVE-2026-290972026/3/19
SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet
HIGHGHSA-vh42-gmqm-q55m CVE-2026-290962026/3/19
Authenticated SQL Injection via unsanitized field_function in Report Fields
HIGHGHSA-m6x8-3hxp-qxwv CVE-2026-291892026/3/19
REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints
HIGHGHSA-26vx-rj47-x599 CVE-2026-332892026/3/19
LDAP Filter Injection in Authentication Module
HIGHGHSA-7g39-m4fg-vrq7 CVE-2026-332882026/3/19
Authenticated SQL Injection in Authentication Module
MEDIUMGHSA-prfm-6667-x3mv CVE-2025-644912025/11/7
Unauthenticated reflected XSS in Login page
HIGHGHSA-jh8v-wqgj-hhc2 CVE-2025-644902025/11/7
Inconsistent RBAC Enforcement Enables Access Control Bypass [Project Task Creation/View Resource Calendar]
HIGHGHSA-j6jg-9jj3-q2ph CVE-2025-644892025/11/7
Privilege Escalation in SuiteCRM-7.14.7 via Improper Session Invalidation and Inactive User Bypass
MEDIUMGHSA-5v53-v44q-ww2c CVE-2025-644882025/11/7
Authenticated SQL Injection in Reschedule Call Module
LOWGHSA-8r72-224q-g9fv CVE-2025-547872025/8/6
Improper Authorization on attachment downloads
MEDIUMGHSA-vqrj-gp9m-8c6r CVE-2025-547832025/8/6
Reflected Cross Site Scripting (XSS) in SuiteCRM - HTTP Referer header