CVE-2024-36415

Published: Jun 10, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected (2)

Products: Salesagility: Suitecrm

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Salesagility Suitecrm	Before 7.14.4
Salesagility Suitecrm	From 8.0.0 to 8.6.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (2)

https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh

Source: security-advisories@github.com

Vendor Advisory

https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.