SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History
Tue, 05 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Salesagility, Salesagility suitecrm | |
CPEs | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* | |
Vendors & Products | Salesagility, Salesagility suitecrm | |
Metrics | ssvc | |
Tue, 05 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM | |
Weaknesses | CWE-89 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-05T18:31:20.615Z
Updated: 2024-11-05T19:00:51.220Z
Reserved: 2024-10-18T13:43:23.458Z
Link: CVE-2024-49772
Vulnrichment
Updated: 2024-11-05T19:00:46.611Z
NVD
Status: Awaiting Analysis
Published: 2024-11-05T19:15:05.970
Modified: 2024-11-06T18:17:17.287
Link: CVE-2024-49772
Redhat
No data.