CVE-2024-49772

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 13, 2024

CWE ID 89

Summary

CVE-2024-49772 is a vulnerability affecting SuiteCRM, an open-source CRM software. In versions 7.14.4, insufficient input validation leads to a SQL injection risk. An authenticated user with low privileges can exploit this weakness to access all database data. The issue has been rectified in releases 7.14.6 and 8.7.1, and users are strongly urged to upgrade without delay. No known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SuiteCRM

Affected Vendors

SalesAgility Ltd.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/znVA86
https://www.cve.org/CVERecord?id=CVE-2024-49772
https://nvd.nist.gov/vuln/detail/CVE-2024-49772

Back to Vulnerability Database