CVE-2024-50333
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-50333: SuiteCRM, an open-source CRM application, does not properly validate user input before writing it to the filesystem. The issue affects versions prior to 7.14.6 and 8.7.1. An attacker can exploit it by manipulating the input passed to the ParserLabel::addLabels() function, which results in attacker-controlled data being written to a custom language file. Because that file is included at runtime, this can lead to arbitrary code execution. There are no known workarounds for this vulnerability, so users are strongly advised to upgrade to the patched versions as soon as possible.
Affected Products
- SuiteCRM
Affected Vendors
- SalesAgility Ltd.