CVE-2019-6506
CRITICALSuiteCRM < 7.8.28, 7.9.x, < 7.10.15, < 7.11.3 - SQL Injection
Title source: llmDescription
SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://suitecrm.com/suitecrm-7-11-3-lts-security-maintenance-patch-released/
Release Notes x_refsource_confirm
https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_3
Release Notes x_refsource_confirm
https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_15
Release Notes x_refsource_confirm
https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_28
Release Notes x_refsource_misc
https://docs.suitecrm.com/admin/releases/#anchor-7.10.11
Scores
CVSS v3
9.8
EPSS
0.0170
EPSS Percentile
74.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
salesagility/suitecrm
7.11.0
Published
Apr 02, 2019
Tracked Since
Feb 18, 2026