28 matches found
CVE-2026-29099
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user-controlled $id parameter. It is assumed that the...
CVE-2026-29099
SuiteCRM versions 7.15 and 8.9 are affected by authenticated SQL injection in the retrieve() function of include/OutboundEmail/OutboundEmail.php, exploitable via two paths in the EmailUIAjax action. The user-controlled $id is not properly neutralized, allowing retrieval of arbitrary database info...
PT-2026-26437
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user-controlled $id parameter. It is assumed that the...
EUVD-2020-29652
Malware in sbrugna...
EUVD-2024-36067
Malicious code in bioql PyPI...
EUVD-2024-36068
Malicious code in bioql PyPI...
CVE-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module...
BIT-SUITECRM-2024-36410 SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
BIT-SUITECRM-2024-36411 SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36411
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36411
CVE-2024-36411 affects SuiteCRM with SQL injection in the EmailUIAjax displayView controller due to poor input validation. Affected versions are prior to 7.14.4 and prior to 8.6.1. Fixes are shipped in 7.14.4 and 8.6.1. Exploitation details are not provided in the connected documents, and no in-t...
CVE-2024-36411 SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36410
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36410
CVE-2024-36410 affects SuiteCRM prior to versions 7.14.4 and 8.6.1, where poor input validation in the EmailUIAjax messages count controller enables an SQL Injection vulnerability. The issue has a high impact on confidentiality, integrity, and availability and is exploitable over the network with...
CVE-2024-36410 SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from incorrect input validation, which leads to an SQL injection vulnerability in the EmailUIAjax displayView controller...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from incorrect input validation, which leads to an SQL injection vulnerability in the EmailUIAjax message counting controller...
BIT-SUITECRM-2020-8804
SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module...