SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
References
Link | Resource |
---|---|
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jun 2024, 18:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Salesagility
Salesagility suitecrm |
|
Summary |
|
|
References | () https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* |
10 Jun 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-10 18:15
Updated : 2024-06-12 18:09
NVD link : CVE-2024-36410
Mitre link : CVE-2024-36410
CVE.ORG link : CVE-2024-36410
JSON object : View
Products Affected
salesagility
- suitecrm
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')