6 matches found

CNNVD
added 2025/08/07 12:0 a.m., 3 views

SuiteCRM access control error vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. An access control error vulnerability exists in SuiteCRM versions 7.14.6 and 8.8.0 that stems from a legacy iCal service authentication flaw that could lead to unauthorized access to meeting data...

CVSS 5.3 | AI score 6.6 | EPSS 0.00271
Exploits: 0 | References: 2

OSV
added 2024/11/07 7:19 a.m., 7 views

BIT-SUITECRM-2024-49773 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build the SQL query. The current_post parameter in the export entry point can be abused ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00299
Exploits: 0 | References: 2

OSV
added 2024/11/07 7:19 a.m., 12 views

BIT-SUITECRM-2024-50333 RCE in ModuleBuilder in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels function can be used to write attacker-controlled data into the custom language file that will be includ...

CVSS 8.8 | AI score 7.4 | EPSS 0.0039
Exploits: 0 | References: 2

NVD
added 2024/11/05 7:15 p.m., 15 views

CVE-2024-49774

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on a blacklist of functions/methods to prevent installation of malicious MLPs, but these checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to par...

CVSS 7.2 | EPSS 0.00492
Exploits: 0 | References: 1

NVD
added 2024/11/05 7:15 p.m., 11 views

CVE-2024-49773

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows an authenticated user to perform a SQL injection attack. User-controlled input is used to build the SQL query. The current_post parameter in the export entry point can be abused ...

CVSS 6.5 | EPSS 0.00299
Exploits: 0 | References: 1

CVE
added 2024/11/05 6:35 p.m., 54 views

CVE-2024-49773

SuiteCRM vulnerability CVE-2024-49773 involves poor input validation in the export functionality, where the authenticated user can abuse the current_post parameter to perform blind SQL injection via generateSearchWhere(), leading to potential information disclosure of personally identifiable info...

CVSS 6.5 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 1 | Affected Software: 1