SuiteCRM 7.10.x Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

SuiteCRM 7.10.x suffers from improper neutralization of special elements used in an sql command vulnerability

 

Credit:

The information has been provided by Vendor

The original article can be found at:https://docs.suitecrm.com/admin/releases/7.10.x/

 

 


Details

SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.

 

Vulnerable Systems:

SuiteCRM 7.10.x versions prior to 7.10.21 

SuiteCRM 7.11.x versions prior to 7.11.9 

 

CVE Information:

CVE-2019-18784

Disclosure Timeline:
Published Date:11/5/2019