31 matches found
CVE-2026-44418
EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization, enabling SQL injection through query parameters th...
PT-2026-3524
Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.4 Description: A security flaw exists in CRMEB that allows improper authentication. This is due to manipulation of the openId argument within the appleLogin function located in the file...
CVE-2019-2896
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...
EUVD-2018-15168
Malware in sbrugna...
SAP CRM and SAP S/4HANA server-side request forgery vulnerability (CNVD-2025-07595)
SAP CRM and SAP S/4HANA are both products of SAP: SAP CRM is a customer relationship management system, and SAP S/4HANA is enterprise resource management software based on the SAP HANA in-memory database system. SAP CRM and SAP S/4HANA suffer from a server-side request forgery vulnerability, which stems fr...
UFIDA U8CRM suffers from a SQL Injection Vulnerability (CNVD-2024-47765)
U8CRM is Customer Relationship Management (CRM) software from UFIDA Software Corporation designed to help organizations improve customer service and sales management efficiency. A SQL injection vulnerability exists in UFIDA U8CRM, which can be exploited by attackers to obtain sensitive informatio...
CVE-2024-5683
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Management (BPM) allows Remote Code Inclusion. This issue affects Business Process Management (BPM): from 6.6.4.4 before 6.6.4.5...
BIT-SUITECRM-2024-36419 SuiteCRM-Core Host Header Injection in /legacy
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the issue...
CVE-2024-36418 SuiteCRM authenticated RCE using connectors
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36409
CVE-2024-36409 affects SuiteCRM before versions 7.14.4 and 8.6.1, where poor input validation enables an SQL Injection at the Tree data entry point. The root cause is inadequate input validation in the Tree entry point, allowing crafted input to alter database queries. Public advisories consisten...
PT-2024-18237 · Zhongbangkeji · Crmeb
Name of the Vulnerable Software and Affected Versions: ZhongBangKeJi CRMEB version 5.2.2 Description: A critical issue affects the function save/delete of the file "/adminapi/system/crud". The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The...
CVE-2023-47643
SuiteCRM before 8.4.2 exposes GraphQL schema via unauthenticated GraphQL introspection, allowing an attacker to enumerate all object types, arguments, and functions (including sensitive fields such as UserHash). This is documented across multiple sources (NVD, Red Hat, OSV, and a dedicated Nuclei...
Virtua Cobranca SQL Injection Vulnerability
Virtua Cobranca, a CRM software for call centers and collection and finance departments from Virtua Brazil, is vulnerable to SQL injection in versions prior to Virtua Cobranca 12R. The vulnerability stems from a missing data filter escape in the idusuario parameter in login.php. An attacker could...
CVE-2020-23518
Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML...
SQL Injection Vulnerability in GRM System of Pengwei Software Co.
Pengwei Software Co., Ltd. is a CRM software service provider, founded in 2005, specializing in CRM software products. A SQL injection vulnerability exists in the GRM system of Pengwei Software Corporation, which can be exploited by attackers to obtain sensitive information from the database...
Spoofing
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...