WEB APPLICATION VULNERABILITIES Standard & Premium

SuiteCRM SQL Injection (CVE-2024-36412)

Description

SuiteCRM has an SQL Injection vulnerability that allows unauthenticated attackers to gain access to sensitive data and compromise the system.

Remediation

Upgrade to the latest version of SuiteCRM

References

Unauthenticated SQL Injection

CVE-2024-36412 | Proof of Concept

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-5590)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20151)

LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16177)

Joomla CVE-2022-23799 Vulnerability (CVE-2022-23799)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41928)

Severity

Critical

Classification

CVE-2024-36412 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

SQL Injection Known Vulnerabilities