Description

SuiteCRM has an SQL Injection vulnerability that allows unauthenticated attackers to gain access to sensitive data and compromise the system.

Remediation

Upgrade to the latest version of SuiteCRM

References

Unauthenticated SQL Injection

CVE-2024-36412 | Proof of Concept

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45360)

WordPress Plugin Mail Masta Multiple SQL Injection Vulnerabilities (1.0)

SugarCRM Gain Sensitive Information Vulnerability (CVE-2004-1226)

WordPress Plugin Participants Database SQL Injection (1.9.5.5)

Oracle Database Server CVE-2015-4740 Vulnerability (CVE-2015-4740)

Severity

Critical

Classification

CVE-2024-36412 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

SQL Injection Known Vulnerabilities