Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

SuiteCRM SQL注入漏洞

SuiteCRM是SuiteCRM团队的一个客户关系管理系统。 SuiteCRM 7.14.4版本存在SQL注入漏洞，该漏洞源于输入验证不充分。攻击者利用该漏洞可以泄露数据库中的所有数据。

N/A

N/A