CVE-2024-36410 – SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller
https://notcve.org/view.php?id=CVE-2024-36410
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36409 – SuiteCRM authenticated SQL Injection in TreeData entrypoint
https://notcve.org/view.php?id=CVE-2024-36409
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36408 – SuiteCRM authenticated SQL Injection in Alerts
https://notcve.org/view.php?id=CVE-2024-36408
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-2g8f-gjrr-x5cg
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36407 – SuiteCRM unauthenticated user password reset on php7
https://notcve.org/view.php?id=CVE-2024-36407
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user's password can be reset by an unauthenticated attacker. The attacker does not gain access to the new password, but the forced reset is disruptive for the affected user. This attack also depends on certain password reset functionality being enabled.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-6p2f-wwx9-952r
CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-36406 – SuiteCRM vulnerable to open redirects
https://notcve.org/view.php?id=CVE-2024-36406
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for an open redirect. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Advisory: https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-hcw8-p37h-8hrv
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')