CVE-2019-25664

Sažetak

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.

Reference

https://suitecrm.com/
https://suitecrm.com/download/
https://www.exploit-db.com/exploits/46311
https://www.vulncheck.com/advisories/suitecrm-sql-injection-via-record-parameter

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

05-04-2026 - 21:16

Objavljeno

05-04-2026 - 21:16