CVE-2019-12600: SQL Injection
First published: Fri Jun 07 2019(Updated: )
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SalesAgility SuiteCRM | >=7.8.0<=7.8.5 | |
| SalesAgility SuiteCRM | >=7.8.6<=7.8.11 | |
| SalesAgility SuiteCRM | >=7.8.12<7.8.30 | |
| SalesAgility SuiteCRM | >=7.10.0<7.10.17 | |
| SalesAgility SuiteCRM | >=7.11.0<7.11.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for SuiteCRM?
The vulnerability ID for SuiteCRM is CVE-2019-12600.
What is the severity of CVE-2019-12600?
The severity of CVE-2019-12600 is critical with a CVSS score of 9.8.
What versions of SuiteCRM are affected by CVE-2019-12600?
SuiteCRM versions 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 are affected by CVE-2019-12600.
What is the CWE category for CVE-2019-12600?
The CWE category for CVE-2019-12600 is CWE-89.
How can I fix the SQL Injection vulnerability in SuiteCRM?
To fix the SQL Injection vulnerability in SuiteCRM, you should upgrade to version 7.8.30, 7.10.17, or 7.11.5 depending on your current version.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/salesagility
- canonical/salesagility suitecrm
- version/salesagility suitecrm/7.8.0
- version/salesagility suitecrm/7.8.5
- version/salesagility suitecrm/7.8.6
- version/salesagility suitecrm/7.8.11
- version/salesagility suitecrm/7.8.12
- version/salesagility suitecrm/7.10.0
- version/salesagility suitecrm/7.11.0