SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that is included at runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Tue, 05 Nov 2024 19:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Salesagility; Salesagility suitecrm |
| CPEs | | `cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Salesagility; Salesagility suitecrm |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Tue, 05 Nov 2024 19:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that is included at runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Title | | RCE in ModuleBuilder in SuiteCRM |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-05T18:41:24.241Z

Updated: 2024-11-05T18:57:18.443Z

Reserved: 2024-10-22T17:54:40.954Z

Link: CVE-2024-50333

Vulnrichment

Updated: 2024-11-05T18:57:14.372Z

NVD

Status: Awaiting Analysis

Published: 2024-11-05T19:15:06.840

Modified: 2024-11-06T18:17:17.287

Link: CVE-2024-50333

Redhat

No data.