CVE-2023-6388 MEDIUM

CVE-2023-6388: Suite CRM v7.14.2 - SSRF

Vendor Suite Crm

Product Suite CRM

Weakness CWE-918 · SSRF

Published February 7, 2024

Last update September 29, 2025

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.

Key dates

02Disclosure timeline

February 7, 2024 CVE published

September 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6388 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2023-53893 Ateme TITAN File 3.9 Authenticated Server-Side Request Forgery Vulnerability CVE-2021-3553 Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) CVE-2023-7073 Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery CVE-2025-8020 CVE-2023-25753 Server-Side Request Forgery in Apache ShenYu