CVE-2024-36409

HIGH8.8EPSS 0.29%

SuiteCRM authenticated SQL Injection in TreeData entrypoint

Published: 6/12/2024Modified: 10/15/2025

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected packages (1)

Bitnami/suitecrmfrom 0, < 7.14.4, >= 8.0.0, < 8.6.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (2)

WEBhttps://github.com/salesagility/SuiteCRM/security/advisories/GHSA-pxq4-vw23-v73f
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-36409