SuiteCRM vulnerability: Host Header Injection in versions prior to 8.6.1
CVE-2024-36419

6.1MEDIUM

Key Information:

Vendor: Salesagility
Status: Suitecrm-core
Vendor: CVE Published:; 10 June 2024

Summary

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the issue.

Affected Version(s)

SuiteCRM-Core < 8.6.1

References

https://github.com/salesagility/SuiteCRM-Core/security/ad...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2024