SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HSalesagility Suitecrm
APPSalesagility< 7.14.48.0.0 ā 8.6.1 (bez)
šµ
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
Related vulnerabilities
CVE-2022-50589CRITICAL9.3PL āten sam produkt
SQL Injection w SuiteCRM umożliwiajÄ ce zdalne wykonanie kodu (RCE)
CVE-2024-36409CRITICAL9.6PL āten sam produkt
SQL Injection w SuiteCRM ā punkt wejÅcia danych drzewa
CVE-2024-36411CRITICAL9.6PL āten sam produkt
SQL Injection w SuiteCRM ā kontroler EmailUIAjax displayView
CVE-2024-36410CRITICAL9.6PL āten sam produkt
SQL Injection w SuiteCRM ā kontroler EmailUIAjax messages count
CVE-2024-36412CRITICAL10.0PL āten sam produkt
SQL injection w SuiteCRM poprzez punkt wejÅcia odpowiedzi na zdarzenia