SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Tue, 05 Nov 2024 19:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Salesagility; Salesagility suitecrm |
| CPEs | | `cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Salesagility; Salesagility suitecrm |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Tue, 05 Nov 2024 19:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Title | | Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-05T18:40:14.977Z

Updated: 2024-11-05T18:58:13.409Z

Reserved: 2024-10-22T17:54:40.953Z

Link: CVE-2024-50332

Vulnrichment

Updated: 2024-11-05T18:58:09.232Z

NVD

Status: Analyzed

Published: 2024-11-05T19:15:06.623

Modified: 2024-11-13T18:59:49.100

Link: CVE-2024-50332

Redhat

No data.