SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability

Overview :

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. Currently available sets include utf8 and utf8mb4.

Affected Product(s) :

Vulnerability Details :

CVE ID :	CONFIRM:https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_23 CONFIRM:https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_11

Reference Key

Each reference used in CVE has the following structure:

SOURCE: NAME

SOURCE is an alphanumeric keyword.
(Examples: “BUGTRAQ”, “OVAL”, etc.)
NAME is a single line of ASCII text and can include colons and spaces.
(Examples: “BUGTRAQ: Posting to Bugtraq mailing list”; “OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition”; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE’s website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.