CNNVD-202511-863 Information

CNNVD ID

CNNVD-202511-863

CVE-2025-64488

  • CNNVD Published: 2025-11-08

Description (Chinese)

SuiteCRM是SuiteCRM团队的一个客户关系管理系统。 SuiteCRM 7.14.7及之前版本和8.0.0-beta.1至8.9.0版本存在SQL注入漏洞,该漏洞源于攻击者可构造恶意call_id参数操纵SQL查询逻辑或注入任意SQL语句,可能导致未经授权的数据访问、数据渗漏和完整数据库泄露。

Description (English)

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM 7.14.7 and earlier, and versions 8.0.0-beta.1 through 8.9.0, contain an SQL injection vulnerability. The vulnerability stems from the fact that an attacker can craft a malicious call_id parameter to manipulate the SQL query logic or inject arbitrary SQL statements, which may lead to unauthorized data access, data exfiltration and full database disclosure.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

SuiteCRM

Published

2025-11-08

Last Modified

2026-02-24

References

https://github.com/SuiteCRM/SuiteCRM-Core/commit/30277cfe69755f7360a23d4805e06a5c38f14131
https://github.com/SuiteCRM/SuiteCRM/commit/40da2845a170832a4e9e9fa0ebe731f8c34de42d
https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-5v53-v44q-ww2c
https://access.redhat.com/security/cve/cve-2025-64488

Patch

https://suitecrm.com/download/
