CVE-2024-36410

HIGH8.8EPSS 0.09%

SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller

Published: 6/12/2024Modified: 10/15/2025

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected packages (1)

Bitnami/suitecrmfrom 0, < 7.14.4, >= 8.0.0, < 8.6.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (2)

WEBhttps://github.com/salesagility/SuiteCRM/security/advisories/GHSA-7jj8-m2wj-m6xq
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-36410