In SuiteCRM versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-45392 was detected. This vulnerability allows attackers to delete records via the API due to insufficient access control checks. To fix this issue users must upgrade to versions 7.14.5 and 8.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45392.
Read more CRMIn SuiteCRM versions prior to 7.14.4 and prior to 8.6.1 a high severity vulnerability CVE-2024-36415 was detected. This flaw in the product’s file upload system allows attackers to upload harmful files that can be executed, potentially compromising the system. This issue was resolved in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36415/.
Read more CRMIn SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36414 was detected. This vulnerability allows attackers to perform a server-side request forgery attack. To address this issue, users must install the fix in the versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36414/.
Read more CRMIn SuiteCRM prior to versions 7.14.4 and 8.6.1, a medium severity vulnerability CVE-2024-36413 was detected. A weakness in the import module error view allows XSS attacks due to improper input sanitization. Versions 7.14.4 and 8.6.1 fix this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36413.
Read more CRMIn SuiteCRM versions 7.14.4 and 8.6.1 a critical severity vulnerability CVE-2024-36417 was detected. An unverified IFrame could enable a cross-site scripting attack by allowing harmful inputs to be served to users without proper security checks. Versions 7.14.4 and 8.6.1 contain a fix for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36417/.
Read more CRMIn SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36406 was detected. Unchecked input in a web application can be exploited to redirect users to malicious sites, making phishing attacks easier. Versions 7.14.4 and 8.6.1 contain a fix for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36406/.
Read more CRMIn SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36407 was detected. An attacker can reset your password without accessing it, which can be annoying, and this only happens if certain password reset features are enabled and the system uses the outdated PHP 7 version. Versions 7.14.4 and 8.6.1 contain a fix for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36407/.
Read more CRMIn SuiteCRM prior to versions 7.14.4 and 8.6.1, a high severity vulnerability CVE-2024-36409 was detected. Poor input validation in the Tree data entry point allows SQL Injection because it doesn’t properly clean user input. This means that when the input is passed to other parts of the system, it can change the intended commands. Versions 7.14.4 and 8.6.1 contain a fix for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36409.
Read more CRMIn SuiteCRM versions 7.14.4 and 8.6.1 a critical severity vulnerability CVE-2024-36412 was detected. This vulnerability allows attackers to use SQL injection attacks. To address this issue, users must install the fix in the versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36412/.
Read more CRM