CVE-2024-49772

CVSS V2 None CVSS V3 None

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2024-49772

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-11-05T18:31:20.615Z

Last Modified Date
2024-11-05T19:00:51.220Z

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

References

Reference URL	Reference Tags
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-4xj8-hr85-hm3m	x_refsource_CONFIRM

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-49772
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49772

History

Created	Old Value	New Value	Data Type	Notes
2024-11-06 13:39:43				Added to TrackCVE