6 matches found
SuiteCRM 访问控制错误漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. An access control error vulnerability exists in SuiteCRM versions 7.14.6 and 8.8.0 that stems from a legacy iCal service authentication flaw that could lead to unauthorized access to meeting data...
BIT-SUITECRM-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
BIT-SUITECRM-2024-50333 RCE in ModuleBuilder in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels function can be used to write attacker-controlled data into the custom language file that will be includ...
CVE-2024-49774
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses tokengetall to par...
CVE-2024-49773
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. currentpost parameter in export entry point can be abused ...
CVE-2024-49773
SuiteCRM vulnerability CVE-2024-49773 involves poor input validation in the export functionality, where the authenticated user can abuse the current_post parameter to perform blind SQL injection via generateSearchWhere(), leading to potential information disclosure of personally identifiable info...