CVE-2024-50332
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-50332 is a vulnerability affecting SuiteCRM, an open-source CRM application. It stems from insufficient validation of input values in the DeleteRelationShip function, which leads to blind SQL injection. Malicious actors can exploit this vulnerability to manipulate data without direct visibility of the query results, which poses a significant risk. SuiteCRM versions 7.14.6 and 8.7.1 have been released to address this vulnerability, and users are strongly advised to upgrade to these versions. No known workarounds are currently available for this issue.
Affected Products
- SuiteCRM
Affected Vendors
- SalesAgility Ltd.