CVE-2024-36409

EUVD-2024-36066
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
GitHub_MCNA
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
salesagilitysuitecrm
𝑥
< 7.14.4
salesagilitysuitecrm
8.0.0 ≤
𝑥
< 8.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f