Blind SQL Injection Vulnerability Affects SuiteCRM, Update Recommended
CVE-2024-50332

8.8HIGH

Key Information:

Vendor: Salesagility
Status: Suitecrm
Vendor: CVE Published:; 5 November 2024

Summary

A vulnerability in SuiteCRM, the open-source CRM software from SalesAgility, has been identified, characterized by insufficient input value validation leading to a Blind SQL injection in the DeleteRelationShip function. This flaw allows malicious actors to potentially exploit the system without adequate defenses in place. The vulnerability has been addressed in the recent updates, specifically in versions 7.14.6 and 8.7.1, making it crucial for users to upgrade to these versions to mitigate the risk. At this time, no workarounds have been identified, emphasizing the importance of timely updates to maintain the security of installed SuiteCRM instances.

Affected Version(s)

SuiteCRM < 7.14.6 < 7.14.6

SuiteCRM >= 8.0.0, < 8.7.1 < 8.0.0, 8.7.1

References

https://github.com/salesagility/SuiteCRM/security/advisor...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 22, 2024