CVE-2015-5948

high

Published 2017-09-06 · Modified 2026-05-13

CVSS v3

8.1

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

9.3

VIR risk

8.1

Description

Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.

Predictions

Exploit likelihood

88%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5

Application impact

Vendor	Product	Versions	Fixed
salesagility	suitecrm	`{"endIncluding":"7.2.2"}`

References

http://www.openwall.com/lists/oss-security/2015/08/06/6
https://github.com/XiphosResearch/exploits/tree/master/suiteshell
https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5
https://github.com/salesagility/SuiteCRM/issues/333
http://www.openwall.com/lists/oss-security/2015/08/06/6
https://github.com/XiphosResearch/exploits/tree/master/suiteshell
https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5
https://github.com/salesagility/SuiteCRM/issues/333

CWEs

CWE-362

Verify integrity in audit chain (admin only). AS-IS.