BIT-suitecrm-2024-36409

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/suitecrm/BIT-suitecrm-2024-36409.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-suitecrm-2024-36409

Aliases

CVE-2024-36409

Published

2024-06-12T07:38:44.800Z

Modified

2025-05-20T10:02:07.006Z

Summary

SuiteCRM authenticated SQL Injection in TreeData entrypoint

Details

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / suitecrm

Package

Name: suitecrm
Purl: pkg:bitnami/suitecrm

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.14.4

Introduced

8.0.0

Fixed

8.6.1