CNNVD-202511-858 Information
Nov 08, 2025
cve
CNNVD ID
CNNVD-202511-858
Related CVE
- CNNVD Published: 2025-11-08
Description (Chinese)
SuiteCRM是SuiteCRM团队的一个客户关系管理系统。 SuiteCRM 8.9.0及之前版本存在SQL注入漏洞,该漏洞源于存在基于时间的盲SQL注入,可能导致敏感信息泄露或权限提升。
Description (English)
SuiteCRM is a customer relationship management system for the SuiteCRM team. SuiteCRM 8.9.0 and previous versions have a SQL injection loophole, which stems from the time-based blind SQL injection, which may lead to the disclosure of sensitive information or the enhancement of privileges.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
SuiteCRM
Published
2025-11-08
Last Modified
2026-02-24
References
https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp https://access.redhat.com/security/cve/cve-2025-64492
Patch
https://suitecrm.com/download/
Share on: