CVE-2024-36412
Published 2024-06-10
Priority P2 (66) · Severity: critical · CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 5.69% (92.0th percentile)
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| salesagility | suitecrm | < 7.14.4 | 7.14.4 |
| salesagility | suitecrm | — | — |
| salesagility | suitecrm | >= 8.0.0 < 8.6.1 | 8.6.1 |
Detection & IOCs (extracted from sources)
- url: `/index.php?entryPoint=responseEntryPoint&event=1&delegate=a=6"`
- Look for HTTP GET requests to `/index.php?entryPoint=responseEntryPoint` whose `delegate` parameter carries SQL injection syntax: an unescaped single or double quote, or time-based blind payloads such as `SLEEP(` or `BENCHMARK(`. The template's own request closes the `delegate` value with a double quote, as the url IOC above shows.
- Per the template, a successful injection produces a response body containing one of two fixed strings (not reproduced on this page); their presence shows that the events response handler processed the injected parameter.
- Shodan/FOFA queries identify exposed SuiteCRM instances; title-based fingerprinting is reliable for this product. Use it to enumerate your own externally reachable installations, since attackers can do the same.
- The injection is unauthenticated (PR:N, UI:N) and time-based, so the observable symptom is latency rather than an error: alert on anomalous slow queries in the database and on delayed responses for `/index.php?entryPoint=responseEntryPoint`.
- Tag detection rules with `time-based-sqli`, `suitecrm` and `sqli` for triage. The EPSS score quoted in the template metadata (0.93636, 99.8th percentile) differs from the current value shown at the top of this page (5.69%, 92.0th percentile); EPSS is recomputed daily, so triage on the current figure. Either value places this CVE well above most published vulnerabilities.
- The Nuclei template uses a 15-second timeout to accommodate time-based blind SQLi delays; detection rules and WAF signatures should likewise tolerate intentionally slow responses on this endpoint rather than discarding them as timeouts.
- Affected versions are strictly prior to 7.14.4 on the 7.x branch and prior to 8.6.1 on the 8.x branch. Version checks against the CPE `cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*` need both upper bounds; a single bound of 8.6.1 would wrongly flag the fixed 7.14.4 release.
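As an added example (not code from this page, from the Nuclei template or from SuiteCRM itself), the following Python runs the detection logic described in the notes above over a few constructed access-log lines, and implements the two-branch version check the last note calls for. The log lines, the time-based payloads in them, the 3-second slow-response threshold and the indicator names are all assumptions made for illustration; the payloads are generic time-based SQLi syntax, not the template's actual request.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache "combined" format with a trailing %D field
# (response time in microseconds). Illustrative only, not captured traffic; the
# two injection payloads are generic time-based SQLi syntax, not the Nuclei
# template's request.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2024:10:01:02 +0000] "GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=42&type=c&response=accept HTTP/1.1" 200 512 "-" "Mozilla/5.0" 48213
203.0.113.9 - - [12/Jun/2024:10:01:09 +0000] "GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a=6%22%20AND%20(SELECT%20SLEEP(6))--%20- HTTP/1.1" 200 512 "-" "python-requests/2.31" 6104377
203.0.113.9 - - [12/Jun/2024:10:01:20 +0000] "GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a=6%27%20AND%20BENCHMARK(5000000,SHA1(1))%23 HTTP/1.1" 200 512 "-" "python-requests/2.31" 5230011
198.51.100.4 - - [12/Jun/2024:10:02:00 +0000] "GET /index.php?module=Home&action=index HTTP/1.1" 200 8120 "-" "Mozilla/5.0" 91002
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<us>\d+)$'
)
TIME_BASED = re.compile(r"\b(?:SLEEP|BENCHMARK|PG_SLEEP)\s*\(|WAITFOR\s+DELAY", re.I)
COMMENT_TAIL = re.compile(r"--|#|/\*")


def classify_delegate(value: str) -> list[str]:
    """Name the SQLi indicators present in an already URL-decoded `delegate` value."""
    hits = []
    if "'" in value or '"' in value:
        hits.append("unescaped-quote")
    if TIME_BASED.search(value):
        hits.append("time-based-function")
    if COMMENT_TAIL.search(value):
        hits.append("comment-terminator")
    return hits


def parse_line(line: str) -> dict | None:
    """Split one log line into fields. parse_qs splits each pair on the first '=',
    so a value like 'a=6" AND ...' survives intact under the `delegate` key."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query, keep_blank_values=True)
    rec["seconds"] = int(rec["us"]) / 1_000_000
    return rec


def analyze(log_text: str, slow_seconds: float = 3.0) -> list[dict]:
    """Return one finding per request to the events response entry point."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != "/index.php":
            continue
        if rec["query"].get("entryPoint") != ["responseEntryPoint"]:
            continue
        delegate = rec["query"].get("delegate", [""])[0]
        indicators = classify_delegate(delegate)
        slow = rec["seconds"] >= slow_seconds
        if slow:
            indicators.append(f"slow-response:{rec['seconds']:.1f}s")
        if not indicators:
            verdict = "benign"
        elif "time-based-function" in indicators and slow:
            # The payload asked the database to stall and the server did stall:
            # the injected SQL was executed.
            verdict = "likely-successful-time-based-sqli"
        else:
            verdict = "sqli-attempt"
        findings.append({"ip": rec["ip"], "delegate": delegate,
                         "indicators": indicators, "verdict": verdict})
    return findings


def is_affected(version: str) -> bool:
    """Version check with both upper bounds from the Affected table; a single
    '< 8.6.1' test would wrongly flag the fixed 7.14.4 release."""
    parts = tuple(int(p) for p in version.split("."))
    if parts[0] <= 7:
        return parts < (7, 14, 4)
    if parts[0] == 8:
        return parts < (8, 6, 1)
    return False  # later major versions are outside the ranges listed on this page


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
    for v in ("7.14.3", "7.14.4", "8.0.0", "8.6.1"):
        print(v, "affected" if is_affected(v) else "fixed")
```

The verdict deliberately separates an attempt from a likely success: a quote or `SLEEP(` in `delegate` alone means someone probed the endpoint, while the same payload paired with a response that took about as long as the requested delay means the injected SQL ran. Raise `slow_seconds` if the endpoint is normally slow, and feed the function whatever response-time field your web server actually logs.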
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
CVE-2024-36412 [CRITICAL] SuiteCRM - SQL Injection (nuclei · CVSS 9.8)
Template:

```yaml
id: CVE-2024-36412

info:
  name: SuiteCRM - SQL Injection
  author: s4e-io
  severity: critical
  description: |
    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
  impact: |
    Unauthenticated attackers can execute time-based SQL injection to extract sensitive CRM data.
  remediation: |
    Update SuiteC
```