CRITICALšŸ‡µšŸ‡± Wersja polska

CVE-2024-36408

CVSS 9.6v3.1pub. 2024-06-10upd. 2024-11-21

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
  • Salesagility Suitecrm

    APP
    Salesagility
    < 7.14.48.0.0 – 8.6.1 (bez)
šŸ”µ
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2022-50589CRITICAL9.3PL āœ“ten sam produkt

SQL Injection w SuiteCRM umożliwiające zdalne wykonanie kodu (RCE)

CVE-2024-36409CRITICAL9.6PL āœ“ten sam produkt

SQL Injection w SuiteCRM — punkt wejścia danych drzewa

CVE-2024-36411CRITICAL9.6PL āœ“ten sam produkt

SQL Injection w SuiteCRM — kontroler EmailUIAjax displayView

CVE-2024-36410CRITICAL9.6PL āœ“ten sam produkt

SQL Injection w SuiteCRM — kontroler EmailUIAjax messages count

CVE-2024-36412CRITICAL10.0PL āœ“ten sam produkt

SQL injection w SuiteCRM poprzez punkt wejścia odpowiedzi na zdarzenia

CVE-2024-36408 — Salesagility — Suitecrm — CRITICAL — CVSS 9.6 | CVEbaza.pl