Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SuiteCRM has Authenticated SQL Injection in Authentication Module
Vulnerability Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize the user-supplied username before using it in a local database query. An attacker with valid, low-privilege directory credentials can exploit this to execute arbitrary SQL commands, leading to complete privilege escalation (e.g., logging in as the CRM Administrator). Versions 7.15.1 and 8.9.3 patch the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
SuiteCRM SQL注入漏洞
Vulnerability Description
SuiteCRM是SuiteCRM团队的一个客户关系管理系统。 SuiteCRM 7.15.1之前版本和8.9.3之前版本存在SQL注入漏洞,该漏洞源于启用目录支持时,身份验证机制未正确清理用户提供的用户名,可能导致具有低权限目录凭据的攻击者执行任意SQL命令,造成权限提升。
CVSS Information
N/A
Vulnerability Type
N/A