VYPR
Unrated severityNVD Advisory· Published Jun 10, 2024· Updated Aug 2, 2024

SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

CVE-2024-36415

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.