SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Tue, 05 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Salesagility
Salesagility suitecrm
CPEs cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
Vendors & Products Salesagility
Salesagility suitecrm
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 05 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
Description SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Title Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-05T18:31:20.615Z

Updated: 2024-11-05T19:00:51.220Z

Reserved: 2024-10-18T13:43:23.458Z

Link: CVE-2024-49772

cve-icon Vulnrichment

Updated: 2024-11-05T19:00:46.611Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-05T19:15:05.970

Modified: 2024-11-13T20:19:54.597

Link: CVE-2024-49772

cve-icon Redhat

No data.