Overview
- Description
- SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM version 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak all data in the database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-89
Social media
- Hype score
- Not currently trending
[CVE-2024-49772: HIGH] Critical security update for SuiteCRM versions 7.14.4! Vulnerable to SQL injection attack allowing low-privilege user to leak database data. Upgrade to versions 7.14.6 or 8.7.1 ASAP. #cybersecurity, #vulnerability https://t.co/uciY6wYfaJ https://t.co/kUGGYgzT
@CveFindCom
5 Nov 2024
CVE-2024-49772 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows au… https://t.co/zuWyJ3hzMV
@CVEnew
5 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0F70A0-D9EC-477C-B064-B3BF05F267C0",
            "versionEndExcluding": "7.14.6"
          },
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D8D3AE6-92A3-4A31-82D8-4B0EA8DF78CC",
            "versionEndExcluding": "8.7.1",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]