SuiteCRM 7.10.x Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability


SuiteCRM 7.10.x suffers from improper neutralization of special elements used in an sql command vulnerability



The information has been provided by Vendor

The original article can be found at:




SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.


Vulnerable Systems:

SuiteCRM 7.10.x versions prior to 7.10.21 

SuiteCRM 7.11.x versions prior to 7.11.9 


CVE Information:


Disclosure Timeline:
Published Date:11/5/2019