CVE-2023-5350

CRITICAL

SuiteCRM < 7.14.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-5350. PoCs published by Exodus Intelligence, jheysel-r7, Redouane NIBOUCHA, including Metasploit module auxiliary/gather/suite_crm_export_sqli.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated SQL injection vulnerability in SuiteCRM versions before 7.12.6, allowing an attacker to dump usernames and password hashes from the database via crafted export requests.

Description

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.

Exploits (1)

metasploit WORKING POC
by Exodus Intelligence, jheysel-r7, Redouane NIBOUCHA · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/suite_crm_export_sqli.rb

Classification: Working Poc 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: SuiteCRM < 7.12.6
Auth required
Prerequisites: Valid SuiteCRM credentials · Access to the SuiteCRM web interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.1
EPSS 0.0191
EPSS Percentile 77.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
salesagility/suitecrm < 7.14.1
Published Oct 03, 2023
Tracked Since Feb 18, 2026