SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. id: CVE-2024-36412 info: name: SuiteC...

CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-49772

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been...

CVE-2024-49772 Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been...

PT-2024-33681 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.14.4 Description: The issue is related to poor input validation, allowing an authenticated user to perform a SQL injection attack. This can result in an authenticated user with low privilege being able to leak all data in...

BIT-SUITECRM-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36416

CVE-2024-36416 affects SuiteCRM. Prior to version 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation can cause a denial of service by logging excessive data. The issue is addressed in later releases: 7.14.4 and 8.6.1 contain a fix. Connected sources corroborate the impact as a DoS...

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36417

SuiteCRM has a stored XSS vulnerability (CVE-2024-36417) where an unverified IFrame injected via input can be used for cross-site scripting and potentially code execution. Affected versions are prior to 7.14.4 and 8.6.1; these releases fix the issue. Remediation: upgrade to 7.14.4 or 8.6.1 (or la...

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36412

Summary of CVE-2024-36412 (SuiteCRM) : Affected are SuiteCRM versions prior to 7.14.4 and 8.6.1. The issue is a vulnerability in the events response entry point that enables an unauthenticated SQL injection. The Nuclei template and CVE records describe an unauthenticated, time-based SQL injection...

CVE-2024-36412 SuiteCRM unauthenticated SQL Injection

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36408

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36408 SuiteCRM authenticated SQL Injection in Alerts

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-36408 SuiteCRM authenticated SQL Injection in Alerts

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

PT-2024-26982 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.4 SuiteCRM versions prior to 8.6.1 Description: The issue is related to a vulnerability in uploaded file verification in products, which allows for remote code execution. This is a critical issue that can be...