Unrated severityNVD Advisory· Published Jun 10, 2024· Updated Aug 2, 2024

SuiteCRM authenticated SQL Injection in TreeData entrypoint

CVE-2024-36409

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected products

Salesagility/Suitecrmv5
Range: < 7.14.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73fmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000