CVE-2023-5350
published 2023-10-03

CVE-2023-5350: SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.

Priority: P2 · 62
Severity: critical, 9.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
Exploit: available (Metasploit module)
EPSS: 1.91% (77.2th percentile)

Affected (2 ranges)

Vendor         Product                  Version range                 Fixed in
salesagility   salesagility_suitecrm    >= unspecified, < 7.14.1      7.14.1
salesagility   suitecrm                 < 7.14.1                      7.14.1

Detection & IOCs (extracted from sources)

URL: /index.php?module=&action=index&searchFormTab=basic_search&query=true&export=true
  • Monitor HTTP requests to SuiteCRM's export entry point (index.php with the export=true parameter) for anomalous or malformed SQL payloads, particularly from authenticated sessions.
  • Alert on authenticated SuiteCRM sessions issuing export requests whose query parameters contain SQL metacharacters or UNION/SELECT patterns.
  • Flag any SuiteCRM instance running a version prior to 7.14.1 (NVD) or 7.12.6 (Metasploit module) as vulnerable, and prioritize patching or WAF coverage of the export functionality.
  • There is a version discrepancy between sources: NVD states the vulnerability affects SuiteCRM prior to 7.14.1, while the Metasploit module targets versions before 7.12.6. Ensure detection and patching coverage accounts for the full range up to 7.14.1 as indicated by NVD.
  • Exploitation requires authentication; unauthenticated access alone is not sufficient to trigger this vulnerability. Detection rules should correlate SQL injection indicators with valid authenticated sessions. Note that NVD's v3.1 vector scores PR:N while its v3.0 vector scores PR:L; the extracted detection guidance is consistent with the latter, so keep the session correlation rather than relaxing it on the strength of the PR:N score.
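The detection guidance above, as an added example that is not part of this page or of SuiteCRM: a small Python detector that runs over constructed Apache-style access-log lines (with the Cookie header appended as a final quoted field), keeps only requests to the index.php export entry point, looks for UNION/SELECT patterns or SQL metacharacters in the decoded query parameters, and raises the severity only when a session cookie is present. It assumes the session cookie is named PHPSESSID and that the log format matches the constructed lines; both are assumptions, not facts from the advisory. A version check against the 7.14.1 fixed version is included to cover the "flag instances prior to 7.14.1" bullet.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not captured traffic). Combined log format
# with the request's Cookie header appended as a final quoted field.
SAMPLE_LOG = r'''
10.0.0.5 - - [03/Oct/2023:10:01:02 +0000] "GET /index.php?module=Accounts&action=index&searchFormTab=basic_search&query=true&export=true HTTP/1.1" 200 512 "-" "Mozilla/5.0" "PHPSESSID=abc123"
10.0.0.9 - - [03/Oct/2023:10:02:17 +0000] "GET /index.php?module=Accounts&action=index&searchFormTab=basic_search&query=true&export=true&name_basic=x%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 200 9800 "-" "curl/8.1" "PHPSESSID=abc123"
10.0.0.9 - - [03/Oct/2023:10:02:40 +0000] "GET /index.php?module=Accounts&action=index&searchFormTab=basic_search&query=true&export=true&name_basic=x%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 302 0 "-" "curl/8.1" "-"
10.0.0.7 - - [03/Oct/2023:10:03:00 +0000] "GET /index.php?module=Contacts&action=DetailView&record=1 HTTP/1.1" 200 3000 "-" "Mozilla/5.0" "PHPSESSID=def456"
'''

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

# Strong indicators: SQL keyword sequences that have no business in a search value.
SQLI_RE = re.compile(
    r"(?i)(\bunion\b\s+(all\s+)?\bselect\b|\bselect\b.+\bfrom\b|\bsleep\s*\(|"
    r"\bbenchmark\s*\(|--\s|/\*|;\s*(drop|insert|update|delete)\b|'\s*(or|and)\s+[\w']+\s*=)"
)
# Weak indicators: bare metacharacters (legitimate names such as O'Brien trip this,
# so they are reported as low-confidence "metacharacter" hits and should be tuned).
METACHAR_RE = re.compile(r"['\";#]|--|/\*")

# Assumed session cookie name (PHP default); adjust for the deployment's cookie.
SESSION_COOKIE = "PHPSESSID="
FIXED_VERSION = (7, 14, 1)


def is_export_request(target: str) -> bool:
    """True if the request path/query hits SuiteCRM's index.php export entry point."""
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return params.get("export", [""])[0].lower() == "true"


def sqli_indicators(query: str) -> List[Tuple[str, str]]:
    """Return (parameter, matched fragment) pairs whose URL-decoded value looks like SQL."""
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            strong = SQLI_RE.search(value)
            if strong:
                hits.append((name, strong.group(0)))
            elif METACHAR_RE.search(value):
                hits.append((name, "metacharacter"))
    return hits


def classify(line: str) -> Optional[dict]:
    """Turn one log line into an alert dict, or None if it is not an export-SQLi candidate."""
    m = LOG_RE.match(line)
    if not m or not is_export_request(m["target"]):
        return None
    hits = sqli_indicators(urlsplit(m["target"]).query)
    if not hits:
        return None
    authenticated = SESSION_COOKIE in m["cookie"]
    return {
        "ip": m["ip"],
        "timestamp": m["ts"],
        "status": int(m["status"]),
        "authenticated": authenticated,
        # The injection needs a valid session, so an unauthenticated probe is only
        # reconnaissance (SuiteCRM normally answers it with a redirect to login).
        "severity": "high" if authenticated else "low",
        "indicators": hits,
        "target": m["target"],
    }


def scan_log(text: str) -> List[dict]:
    """Run classify() over every non-empty line and keep the alerts."""
    return [a for a in (classify(l) for l in text.strip().splitlines()) if a]


def is_vulnerable_version(version: str) -> bool:
    """True for SuiteCRM versions below the 7.14.1 fix (per NVD's affected range)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts < FIXED_VERSION


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["severity"], alert["ip"], alert["status"], alert["indicators"])
```

Run as-is, it reports two alerts from the constructed log: a high-severity one for the authenticated UNION SELECT export request, and a low-severity one for the same payload replayed without a session cookie (the 302 to login). The benign export on the first line and the DetailView request on the last produce nothing, which is the point of gating on export=true before looking at payloads.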

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      9.1     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd      v3.0      6.4     MEDIUM     CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N