BIT-suitecrm-2024-36410
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/suitecrm/BIT-suitecrm-2024-36410.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-suitecrm-2024-36410
- Aliases
- Published
- 2024-06-12T07:38:31.505Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller
- Details
-
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
- Database specific
{ "cpes": [ "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*" ], "severity": "High" }- References
Affected packages
Bitnami / suitecrm
Package
- Name
- suitecrm
- Purl
- pkg:bitnami/suitecrm
Severity
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator