Overview
- Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source: security-advisories@github.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- security-advisories@github.com: CWE-89
Social media
- Hype score: Not currently trending
[CVE-2024-50332: HIGH] Critical vulnerability in SuiteCRM version 7.14.5 and below allows blind SQL injection in DeleteRelationShip due to input value validation issues. Upgrade to version 7.14.6 or 8.7.1 to secu...#cybersecurity,#vulnerability https://t.co/UHR0J8yTua https://t.c
@CveFindCom
5 Nov 2024
CVE-2024-50332 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injecti… https://t.co/mtWH4nLeZ4
@CVEnew
5 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0F70A0-D9EC-477C-B064-B3BF05F267C0",
            "versionEndExcluding": "7.14.6"
          },
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D8D3AE6-92A3-4A31-82D8-4B0EA8DF78CC",
            "versionEndExcluding": "8.7.1",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]