SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack: user-controlled input is used to build a SQL query. The `current_post` parameter in the `export` entry point can be abused to perform blind SQL injection via `generateSearchWhere()`. This allows information disclosure, including personally identifiable information. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History
Wed, 13 Nov 2024 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Salesagility, Salesagility suitecrm | |
CPEs | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* | |
Vendors & Products | Salesagility, Salesagility suitecrm | |
Tue, 05 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Tue, 05 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack: user-controlled input is used to build a SQL query. The `current_post` parameter in the `export` entry point can be abused to perform blind SQL injection via `generateSearchWhere()`. This allows information disclosure, including personally identifiable information. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM | |
Weaknesses | CWE-89 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-05T18:35:11.102Z
Updated: 2024-11-05T18:59:49.367Z
Reserved: 2024-10-18T13:43:23.459Z
Link: CVE-2024-49773
Vulnrichment
Updated: 2024-11-05T18:59:45.700Z
NVD
Status: Analyzed
Published: 2024-11-05T19:15:06.200
Modified: 2024-11-13T20:29:11.297
Link: CVE-2024-49773
Redhat
No data.