CVE-2024-49773

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 13, 2024
CWE ID 89

Summary

CVE-2024-49773 is a vulnerability affecting SuiteCRM, an open-source CRM application. The issue stems from poor input validation in the export function, which lets authenticated users carry out SQL injection attacks. The `current_post` parameter is the entry point and can be exploited via `generateSearchWhere()` to perform blind SQL injection. The attack allows data disclosure, potentially exposing personally identifiable information. Affected users are advised to upgrade to SuiteCRM 7.14.6 or 8.7.1 to mitigate this risk. No known workarounds are available for this vulnerability.

Affected Products

  • SuiteCRM

Affected Vendors

  • SalesAgility Ltd.