CVE-2024-36409: SuiteCRM authenticated SQL Injection in TreeData entrypoint
First published: Mon Jun 10 2024(Updated: )
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | <7.14.4 | |
| SugarCRM | >=8.0.0<8.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-36409?
CVE-2024-36409 has a high severity rating due to the potential for SQL Injection attacks.
How do I fix CVE-2024-36409?
To fix CVE-2024-36409, upgrade to SuiteCRM version 7.14.4 or 8.6.1 or later.
What versions of SuiteCRM are affected by CVE-2024-36409?
Versions prior to 7.14.4 and 8.6.1 of SuiteCRM are vulnerable to CVE-2024-36409.
What type of attack does CVE-2024-36409 enable?
CVE-2024-36409 enables SQL Injection attacks through poor input validation.
Who is responsible for resolving issues related to CVE-2024-36409?
The responsibility for resolving issues related to CVE-2024-36409 falls on the users who need to update their SuiteCRM installations.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/salesagility
- canonical/sugarcrm
- version/sugarcrm/8.0.0