SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability

Rajaneesh

Overview :

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. Currently available sets include utf8 and utf8mb4.

Affected Product(s) :

Vulnerability Details :

CVE ID :	CONFIRM:https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 CONFIRM:https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11

Reference Key

Each reference used in CVE has the following structure:

SOURCE: NAME

SOURCE is an alphanumeric keyword.
(Examples: “BUGTRAQ”, “OVAL”, etc.)
NAME is a single line of ASCII text and can include colons and spaces.
(Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.

Reference Order

References are typically listed in the order below:

Initial announcement
Response team advisory
Vendor acknowledgement/advisory
All other public sources

Reference Key

Reference Order

Related Articles

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71