[KIS-2020-05] SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities

Related Vulnerabilities: CVE-2020-8804

----------------------------------------------------------
SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
----------------------------------------------------------


[-] Software Link:

https://suitecrm.com/


[-] Affected Versions:

Version 7.11.10 and prior versions.


[-] Vulnerabilities Description:

data from the database through boolean-based SQL injection attacks.

through time-based SQL injection attacks.

time-based SQL injection attacks.


[-] Solution:

Upgrade to version 7.11.11 or later.


[-] Disclosure Timeline:

[19/09/2019] - Vendor notified
[20/09/2019] - Vendor acknowledgement
[12/11/2019] - Vendor contacted again asking for updates, no response
[07/02/2020] - CVE number assigned
[10/02/2020] - Version 7.11.11 released
[12/02/2020] - Public disclosure


[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2020-8804 to these vulnerabilities.


[-] Credits:

Vulnerabilities discovered by Egidio Romano.


[-] Original Advisory:

http://karmainsecurity.com/KIS-2020-05


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/