CVE-2019-25663

EUVD-2019-20062
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
salesagilitysuitecrm
𝑥
≤ 7.10.7
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
suitecrmsuitecrm
7.10.7
CNA
Common Weakness Enumeration
References
https://suitecrm.com/
https://suitecrm.com/download/
https://www.exploit-db.com/exploits/46310
https://www.vulncheck.com/advisories/suitecrm-sql-injection-via-parenttab-parameter