
CVE-2024-36409 – SuiteCRM authenticated SQL Injection in TreeData entrypoint
https://notcve.org/view.php?id=CVE-2024-36409
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-36408 – SuiteCRM authenticated SQL Injection in Alerts
https://notcve.org/view.php?id=CVE-2024-36408
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-2g8f-gjrr-x5cg
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-36407 – SuiteCRM unauthenticated user password reset on php7
https://notcve.org/view.php?id=CVE-2024-36407
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user's password can be reset by an unauthenticated attacker. The attacker does not gain access to the new password, but the forced reset is disruptive for the affected user. The attack also depends on certain password reset functionality being enabled.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-6p2f-wwx9-952r
CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVE-2024-36406 – SuiteCRM vulnerable to open redirects
https://notcve.org/view.php?id=CVE-2024-36406
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for an open redirect. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2023-6131 – Code Injection in salesagility/suitecrm
https://notcve.org/view.php?id=CVE-2023-6131
Code Injection in the GitHub repository salesagility/suitecrm in versions prior to 7.14.2, 7.12.14 and 8.4.2.
Fix commit: https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9
Report: https://huntr.com/bounties/5fa50b25-f6b1-408c-99df-4442c86c563f
CWE-94: Improper Control of Generation of Code ('Code Injection')