- Description
- SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- Source
- security-advisories@github.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
2
Hey fellow hackers, My blog is back, starting with a deep dive into a nice SQL injection I found in SuiteCRM—CVE-2024-36412. "Using Filters Against Filters: Unexpected SQL Injection" https://t.co/x1ZnjneWM3 This is the first of a three-part series on the CVEs. More to come :)
@ElS1carius
10 Feb 2025
5225 Impressions
24 Retweets
114 Likes
34 Bookmarks
2 Replies
2 Quotes
⚠️ Critical SQL Injection Vulnerability in SuiteCRM (CVE-2024-36412) 🚨 Older versions of SuiteCRM are affected, with potential for unauthorized database manipulation. Stay informed, stay protected 💡 https://t.co/jBCasPJgFZ #SonicWall #CVE202436412 #SQL #vulnerability https:
@SonicWall
21 Dec 2024
191 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "176C4E20-B96D-4391-986F-3314663983AC",
"versionEndExcluding": "7.14.4"
},
{
"criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5249169E-5516-4705-A2C8-DE1BA56497D0",
"versionEndExcluding": "8.6.1",
"versionStartIncluding": "8.0.0"
}
],
"operator": "OR"
}
]
}
]