CNNVD-202511-857 Information

CNNVD ID

CNNVD-202511-857

CVE-2025-64493

  • CNNVD Published: 2025-11-08

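Description (translated from Chinese)

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM versions 8.6.0 through 8.9.0 contain a SQL injection vulnerability, which stems from an authenticated, time-based SQL injection in the appMetadata-operation of the GraphQL-API and may lead to arbitrary data extraction.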

Description (English)

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. SuiteCRM versions 8.6.0 to 8.9.0 contain a SQL injection vulnerability, which stems from an authenticated, time-based SQL injection in the appMetadata-operation of the GraphQL-API and may lead to arbitrary data extraction.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

SuiteCRM

Published

2025-11-08

Last Modified

2026-02-24

References

  • https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-5gcj-mfqq-v8f7
  • https://docs.suitecrm.com/community/security-policy
  • https://access.redhat.com/security/cve/cve-2025-64493

Patch

https://suitecrm.com/download/
