CVE-2024-49772

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 13, 2024
CWE ID 89

Summary

CVE-2024-49772 is a SQL injection vulnerability in SuiteCRM, an open-source CRM application. In version 7.14.4, insufficient input validation allows SQL injection: an authenticated user with low privileges can exploit this weakness to access all data in the database. The issue is fixed in releases 7.14.6 and 8.7.1, and users are strongly urged to upgrade without delay. No known workarounds exist for this vulnerability.

Affected Products

  • SuiteCRM

Affected Vendors

  • SalesAgility Ltd.