CVE-2024-36415

Summary

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

Affected Software

VendorProductVersion RangeStatus
salesagilitySuiteCRM< 7.14.4affected
salesagilitySuiteCRM>= 8.0.0, < 8.6.1affected

Weaknesses

  • CWE-98: CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References