In SuiteCRM versions 7.14.4 and 8.6.1 a critical severity vulnerability CVE-2024-36417 was detected. An unverified IFrame could enable a cross-site scripting attack by allowing harmful inputs to be served to users without proper security checks. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36417/.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36406 was detected. Unchecked input in a web application can be exploited to redirect users to malicious sites, making phishing attacks easier. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36406/.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a medium severity vulnerability CVE-2024-36407 was detected. An attacker can reset your password without accessing it, which can be annoying, and this only happens if certain password reset features are enabled and the system uses the outdated PHP 7 version. To address this issue, users should update SuiteCRM to versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36407/.
In SuiteCRM prior to versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-36409 was detected. Poor input validation in the Tree data entry point allows SQL Injection because it doesn’t properly clean user input. This means that when the input is passed to other parts of the system, it can change the intended commands. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36409.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a critical severity vulnerability CVE-2024-36412 was detected. This vulnerability allows attackers to use SQL injection attacks. To address this issue, users must install the fix in the versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36412/.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-36418 was detected. This vulnerability allows attackers to perform a remote code execution attack. To address this issue, users must upload the fix in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36418/.
Read more CRM
In SuiteCRM versions prior to 7.14.4 and 8.6 a critical severity vulnerability CVE-2024-36411 was detected. This vulnerability is due to poor input validation in the EmailUIAjax displayView controller, which allows for SQL Injection attacks. Users are strongly advised to upgrade to versions 7.14.4 and 8.6.1 to ensure their systems are secure. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36411.
Read more CRM
In SuiteCRM versions prior to 7.14.4 and 8.6.1 a critical severity vulnerability CVE-2024-36408 was detected. This problem allows SQL Injection through improper input validation in the Alerts controller. To address this issue, users should update SuiteCRM to versions 7.14.4 or 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36408.
Read more CRM
In SuiteCRM versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-36416 was detected. This vulnerability allows attackers to deny service by logging too much data. To address this issue, users must upload the fix in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36416/.
Read more CRM