SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
References
Link | Resource |
---|---|
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jun 2024, 18:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Salesagility
Salesagility suitecrm |
|
CPE | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* | |
References | () https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f - Vendor Advisory | |
Summary |
|
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-10 18:15
Updated : 2024-06-12 18:09
NVD link : CVE-2024-36409
Mitre link : CVE-2024-36409
CVE.ORG link : CVE-2024-36409
JSON object : View
Products Affected
salesagility
- suitecrm
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')