CVE-2024-50332

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-50332

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50332.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-50332

Aliases

BIT-suitecrm-2024-50332
GHSA-53xh-mjmq-j35p

Published

2024-11-05T18:40:14.977Z

Modified

2026-04-10T05:18:08.916349Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM

Details

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50332.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type: GIT
Repo: https://github.com/salesagility/suitecrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e572230abd0dad205b24a96acce72590b20bf69d

Affected versions

7.*

7.9.6

v.*

v.7.9.11

v7.*

v7.0.2

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.10.0

v7.10.1

v7.10.10

v7.10.11

v7.10.12

v7.10.2

v7.10.3

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.11.0

v7.11.1

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.17

v7.11.18

v7.11.2

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.12-rc

v7.12.0

v7.12.1

v7.12.2

v7.12.3

v7.12.4

v7.12.5

v7.12.6

v7.12.7

v7.12.8

v7.13.0

v7.13.0-beta

v7.13.1

v7.13.2

v7.13.3

v7.13.4

v7.14.0

v7.14.0-beta

v7.14.1

v7.14.2

v7.14.3

v7.14.4

v7.14.5

v7.2

v7.2.1

v7.2beta

v7.2beta2

v7.3

v7.3-beta

v7.3.1

v7.3.2

v7.4.1

v7.4.2

v7.4.3

v7.5-beta

v7.5-beta.2

v7.5.1

v7.6

v7.6.1

v7.7

v7.7-beta1

v7.7-beta2

v7.7-rc

v7.7-rc2

v7.7.2

v7.7.3

v7.7.4

v7.8.0

v7.8.0-beta

v7.8.0-beta.2

v7.8.0-rc

v7.8.1

v7.8.2

v7.9.0

v7.9.0-beta

v7.9.0-rc

v7.9.1

v7.9.10

v7.9.11

v7.9.12

v7.9.13

v7.9.14

v7.9.3

v7.9.4

v7.9.5

v7.9.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50332.json"

Git / github.com/salesagility/suitecrm-core

Affected ranges

Type

GIT

Repo

https://github.com/salesagility/suitecrm-core

Events

Introduced

55c1ee9cbdf409ed41c04da0bbf442b311a3ab57

Fixed

582636a2a77f2fe0241a69bd59f0daf11b139594

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.7.1"
        }
    ]
}

Affected versions

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1.0

v8.1.1

v8.1.2

v8.1.3

v8.2.0

v8.2.0-beta.2

v8.2.1

v8.2.2

v8.2.3

v8.2.4

v8.3.0

v8.3.1

v8.4.0

v8.4.0-beta

v8.4.1

v8.4.2

v8.5.0

v8.5.1

v8.6.0

v8.6.1

v8.6.2

v8.7.0

v8.7.0-beta

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50332.json"