In SuiteCRM versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-36418 was detected. This vulnerability allows attackers to perform a remote code execution attack. To address this issue, users must upload the fix in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36418/.
Read more CRMIn SuiteCRM versions prior to 7.14.4 and 8.6 a critical severity vulnerability CVE-2024-36411 was detected. This vulnerability is due to poor input validation in the EmailUIAjax displayView controller, which allows for SQL Injection attacks. Users are strongly advised to upgrade to versions 7.14.4 and 8.6.1 to ensure their systems are secure. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36411.
Read more CRMIn SuiteCRM versions prior to 7.14.4 and prior to 8.6.1 a critical severity vulnerability CVE-2024-36410 was detected. Poor input validation in the EmailUIAjax messages count controller lets attackers exploit the system by inserting harmful SQL commands. This issue was resolved in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36410/.
Read more CRMIn SuiteCRM version 8.6.1 a medium severity vulnerability CVE-2024-36419 was detected. This vulnerability allows attackers to simplify phishing attacks. To address this issue, users must install a patch in version 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36419/.
Read more CRM