SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller
Platform: php
Component: suitecrm
Fixed in: 7.14.5, 8.0.1
CVE-2024-36411 describes a critical SQL injection vulnerability affecting SuiteCRM versions 8.0.0 and below, as well as versions prior to 8.6.1. The flaw stems from insufficient input validation in the EmailUIAjax displayView controller, which lets an authenticated user manipulate the database queries the controller builds. The vulnerability was addressed in version 7.14.4, and users are strongly advised to upgrade immediately to prevent exploitation.
Impact and Attack Scenarios
Successful exploitation of CVE-2024-36411 allows an attacker to inject arbitrary SQL code into SuiteCRM's database queries. This can lead to unauthorized access, modification, or deletion of sensitive customer data, including contact information, sales records, and financial details. An attacker could potentially gain complete control over the SuiteCRM instance, leading to data breaches, system compromise, and reputational damage. The impact is particularly severe given the sensitive nature of CRM data and the potential for widespread data exposure. This vulnerability shares characteristics with other SQL injection flaws, where attackers can bypass authentication and authorization controls.
Exploitation Context
CVE-2024-36411 was publicly disclosed on June 10, 2024. The vulnerability's CRITICAL CVSS score (9.6) indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been widely reported, the ease of SQL injection exploitation suggests that it could quickly become a target for automated attacks. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Who Is at Risk
Organizations heavily reliant on SuiteCRM for managing customer relationships are particularly at risk. This includes businesses using older, unpatched versions of SuiteCRM, especially those with limited security resources or those running SuiteCRM on shared hosting environments where patching may be delayed or controlled by the hosting provider. Companies with sensitive customer data stored within SuiteCRM are also at heightened risk.
Detection Steps
• php: Examine SuiteCRM application logs for SQL errors or unusual database activity. Look for patterns indicative of SQL injection attempts.
grep -i 'SQL error' /path/to/suitecrm/logs/sugar_*.log
• generic web: Monitor web server access logs for requests to the /includes/EmailUIAjax.php endpoint with unusual parameters.
curl -s -v 'http://your-suitecrm-instance/includes/EmailUIAjax.php?displayView=some_malicious_sql_injection_payload' | grep -i 'SQL injection'
• database (mysql): Check MySQL audit logs for unauthorized database queries or modifications. Look for queries originating from the SuiteCRM application that contain suspicious SQL syntax.
SELECT * FROM mysql.general_log WHERE command_type = 'Query' AND user = 'suitecrm_user' AND argument LIKE '%SELECT%UNION%';
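One way to operationalise the access-log check from the detection steps above, as an added example that is not part of the original advisory: a small Python scanner that picks out requests to /includes/EmailUIAjax.php and flags parameter values carrying SQL metacharacters or keywords, keeping the HTTP status alongside for triage. The log lines, the indicator list and the parameter name displayView (taken from the curl line above) are constructed assumptions, not details from the vendor's advisory.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines in Apache/Nginx combined log format (not from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2024:12:00:01 +0000] "GET /index.php?module=Home&action=index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Jun/2024:12:00:02 +0000] "GET /includes/EmailUIAjax.php?displayView=inbox HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Jun/2024:12:00:03 +0000] "GET /includes/EmailUIAjax.php?displayView=inbox%27%20UNION%20SELECT%201--%20- HTTP/1.1" 500 0 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/includes/EmailUIAjax.php"
# Crude SQL-metacharacter and keyword indicators (assumed list); tune to your false-positive rate.
SQLI_RE = re.compile(
    r"""['"]|--|/\*|\bunion\b|\bselect\b|\bsleep\s*\(|\bor\b\s+\d+\s*=\s*\d+""", re.I
)

def suspicious_params(target):
    """Return {param: value} for SQL-looking values on the EmailUIAjax endpoint,
    {} if the request is clean, or None if it targets another path."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return None
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            # parse_qs decoded once; decode again so double-encoded values are still inspected
            if SQLI_RE.search(unquote_plus(value)):
                hits[name] = value
    return hits

def scan_access_log(text):
    """Return one finding per request to the vulnerable endpoint that carries
    SQL-looking parameter values; a 500 next to a quote in displayView is a
    strong hint that the query reached the database and errored."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m["target"])
        if hits:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"], "params": hits})
    return findings
```

Access logs do not record POST bodies, so pair this with the application-log and MySQL general_log checks above for requests sent by POST.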
Threat Intelligence
EPSS: 0.29% (52nd percentile)
CVSS Vector
- Attack Vector: Network. Exploitable remotely over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; the attacker can exploit reliably.
- Privileges Required: Low. Any valid user account is sufficient.
- User Interaction: None. The attack is automatic and silent; the victim does nothing.
- Scope: Changed. The attack can pivot beyond the vulnerable component.
- Confidentiality: None. No impact on confidentiality.
- Integrity: High. The attacker can write, modify, or delete any data.
- Availability: High. Complete outage or resource exhaustion; total denial of service.
Mitigation and Workarounds
The primary mitigation for CVE-2024-36411 is to upgrade SuiteCRM to version 7.14.4 or later. If immediate upgrading is not feasible, consider implementing temporary workarounds such as restricting access to the affected endpoint (EmailUIAjax displayView controller) via a Web Application Firewall (WAF) or proxy server. Configure the WAF to block any requests containing suspicious SQL syntax. Regularly review and audit database access logs for any unusual activity. After upgrading, confirm the fix by attempting to trigger the vulnerable endpoint with a known SQL injection payload and verifying that the request is properly sanitized and does not result in a database error.
How to Fix
Upgrade SuiteCRM to version 7.14.4 or later, or to version 8.6.1 or later. This resolves the SQL injection vulnerability in the EmailUIAjax displayView controller. Taking a backup before upgrading is recommended.
Frequently Asked Questions
What is CVE-2024-36411 — SQL Injection in SuiteCRM?
CVE-2024-36411 is a critical SQL Injection vulnerability in SuiteCRM versions 8.0.0 and below, and versions prior to 8.6.1, allowing attackers to manipulate database queries.
Am I affected by CVE-2024-36411 in SuiteCRM?
You are affected if you are running SuiteCRM versions 8.0.0 and below, or versions prior to 8.6.1. Check your SuiteCRM version against the affected versions listed in the CVE description.
How do I fix CVE-2024-36411 in SuiteCRM?
Upgrade SuiteCRM to version 7.14.4 or later to resolve this vulnerability. If immediate upgrading is not possible, implement temporary WAF rules to block suspicious requests.
Is CVE-2024-36411 being actively exploited?
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks. Monitor security advisories.
Where can I find the official SuiteCRM advisory for CVE-2024-36411?
Refer to the official SuiteCRM security advisory for detailed information and updates: [https://suitecrm.com/security/bulletin/cve-2024-36411/](https://suitecrm.com/security/bulletin/cve-2024-36411/)