SQL Injection Vulnerability in SuiteCRM by SalesAgility
CVE-2024-36411
8.8HIGH
Summary
SuiteCRM, an open-source Customer Relationship Management software developed by SalesAgility, is susceptible to SQL Injection due to insufficient input validation within the EmailUIAjax displayView controller. This vulnerability impacts versions prior to 7.14.4 and 8.6.1, allowing attackers to potentially execute arbitrary SQL queries, which may compromise sensitive data and affect the integrity of applications. To mitigate this security threat, upgrading to the patched versions is essential.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published