2 matches found
CVE-2023-47643
SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire...
CVE-2023-47643
SuiteCRM before 8.4.2 exposes GraphQL schema via unauthenticated Graphql Introspection, allowing an attacker to enumerate all object types, arguments, and functions (including sensitive fields such as UserHash). This is documented across multiple sources (NVD, Red Hat, OSV, and a dedicated Nuclei...