CVE-2024-36410

EUVD-2024-36067
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
salesagilitysuitecrm
𝑥
< 7.14.4
salesagilitysuitecrm
8.0.0 ≤
𝑥
< 8.6.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
salesagilitysuitecrm
𝑥
< 7.14.4
ADP
salesagilitysuitecrm
𝑥
≤ 8.0.0
ADP
salesagilitysuitecrm
𝑥
< 8.6.1
ADP
Common Weakness Enumeration
References
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq
https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq