AI description
CVE-2024-36412 is a vulnerability identified in SuiteCRM, an open-source Customer Relationship Management (CRM) software. Versions of SuiteCRM prior to 7.14.4 and 8.6.1 are susceptible to SQL injection attacks. The vulnerability stems from improper handling of user-supplied input within SQL commands. This flaw allows attackers to execute malicious SQL queries, potentially granting them unauthorized access to sensitive data stored within the SuiteCRM database. The vulnerability is present in the events response entry point of the application. The issue has been addressed in SuiteCRM versions 7.14.4 and 8.6.1.
- Description: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- Source: security-advisories@github.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
#exploit
1. CVE-2024-12425, CVE-2024-12426: LibreOffice Path Traversal https://t.co/6gInUfeAFA
2. CVE-2024-36412: Using XSS filters against XSS filters - Unexpected SQLI/RCE https://t.co/xh9NiHmgqa
3. CVE-2024-42327: Zabbix Privilege Escalation -> RCE https://t.co/jQT6L9XMLy
@ksg93rd
17 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hey fellow hackers, My blog is back, starting with a deep dive into a nice SQL injection I found in SuiteCRM—CVE-2024-36412. "Using Filters Against Filters: Unexpected SQL Injection" https://t.co/x1ZnjneWM3 This is the first of a three-part series on the CVEs. More to come :)
@ElS1carius
10 Feb 2025
5310 Impressions
24 Retweets
115 Likes
34 Bookmarks
2 Replies
2 Quotes
⚠️ Critical SQL Injection Vulnerability in SuiteCRM (CVE-2024-36412) 🚨 Older versions of SuiteCRM are affected, with potential for unauthorized database manipulation. Stay informed, stay protected 💡 https://t.co/jBCasPJgFZ #SonicWall #CVE202436412 #SQL #vulnerability https:
@SonicWall
21 Dec 2024
191 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "176C4E20-B96D-4391-986F-3314663983AC",
            "versionEndExcluding": "7.14.4"
          },
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5249169E-5516-4705-A2C8-DE1BA56497D0",
            "versionEndExcluding": "8.6.1",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]