CVE-2024-50333

Published Nov 5, 2024

Last updated 4 days ago

CVSS high 8.8

Overview

Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
security-advisories@github.com: CWE-20

Hype score: Not currently trending

CVE-2024-50333 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem… https://t.co/slRUd3IZWz
@CVEnew
5 Nov 2024
509 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0F70A0-D9EC-477C-B064-B3BF05F267C0",
            "versionEndExcluding": "7.14.6"
          },
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D8D3AE6-92A3-4A31-82D8-4B0EA8DF78CC",
            "versionEndExcluding": "8.7.1",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References