SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo |
Tue, 05 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Salesagility
Salesagility suitecrm |
|
CPEs | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* | |
Vendors & Products |
Salesagility
Salesagility suitecrm |
|
Metrics |
ssvc
|
Tue, 05 Nov 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | RCE in ModuleBuilder in SuiteCRM | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-05T18:41:24.241Z
Updated: 2024-11-05T18:57:18.443Z
Reserved: 2024-10-22T17:54:40.954Z
Link: CVE-2024-50333
Vulnrichment
Updated: 2024-11-05T18:57:14.372Z
NVD
Status : Analyzed
Published: 2024-11-05T19:15:06.840
Modified: 2024-11-13T20:10:45.553
Link: CVE-2024-50333
Redhat
No data.