SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability

Overview :
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. Currently available sets include utf8 and utf8mb4.

 

 

Affected Product(s) :
Vulnerability Details :
CVE ID :

Reference Key

Each reference used in CVE has the following structure:

SOURCE: NAME

  • SOURCE is an alphanumeric keyword.
    (Examples: “BUGTRAQ”, “OVAL”, etc.)
  • NAME is a single line of ASCII text and can include colons and spaces.
    (Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.

Reference Order

References are typically listed in the order below:

  • Initial announcement
  • Response team advisory
  • Vendor acknowledgement/advisory
  • All other public sources