Description
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
Remediation
References
Related Vulnerabilities
WordPress Plugin Better Find and Replace Cross-Site Scripting (1.2.8)
WordPress Plugin Ultimate Maps by Supsystic Cross-Site Scripting (1.2.4)
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Vulnerabilities (2.0.77)
WordPress Plugin Role Scoper Cross-Site Scripting (1.3.66)
Liferay DXP Observable Timing Discrepancy Vulnerability (CVE-2025-43754)