CVE-2024-36410: SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller
First published: Mon Jun 10 2024(Updated: )
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SugarCRM | <7.14.4 | |
| SugarCRM | >=8.0.0<8.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-36410?
CVE-2024-36410 is classified as a high severity vulnerability due to the potential for SQL Injection attacks.
How do I fix CVE-2024-36410?
To fix CVE-2024-36410, upgrade SuiteCRM to version 7.14.4 or 8.6.1 or later.
What versions of SuiteCRM are affected by CVE-2024-36410?
CVE-2024-36410 affects SuiteCRM versions prior to 7.14.4 and versions between 8.0.0 and 8.6.0.
What are the potential impacts of CVE-2024-36410?
Exploitation of CVE-2024-36410 can lead to unauthorized data access and manipulation through SQL Injection.
Is there a known exploit for CVE-2024-36410?
As of now, there are no publicly known exploits specifically targeting CVE-2024-36410.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/salesagility
- canonical/sugarcrm
- version/sugarcrm/8.0.0