Guilhermemury

#10091de 53,640
27.4CVSS total
Vulnerabilidades · 3
Alta
2
Crítica
1
PT-2026-26451
8.8
2026-03-19
Suitecrm · Suitecrm · CVE-2026-33288
**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A SQL Injection issue exists in the authentication mechanisms when directory support is enabled. The application does not properly sanitize the `username` supplied by the user before using it in a database query. An attacker with valid, low-privilege directory credentials can exploit this to execute arbitrary SQL commands, potentially leading to complete privilege escalation, such as logging in as the CRM Administrator. **Recommendations** SuiteCRM versions prior to 7.15.1 should be updated to version 7.15.1 or later. SuiteCRM versions prior to 8.9.3 should be updated to version 8.9.3 or later.
PT-2026-26452
9.8
2026-03-19
Suitecrm · Suitecrm · CVE-2026-33289
**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A flaw exists in the authentication process where the application does not properly validate user-provided input before including it in the LDAP search filter. An attacker can inject LDAP control characters to manipulate the query logic, potentially leading to authentication bypass or information disclosure. The `LDAP` search filter is vulnerable to manipulation through injected control characters. The vulnerable component is the authentication flow. **Recommendations** Versions prior to 7.15.1 should be updated to version 7.15.1 or later. Versions prior to 8.9.3 should be updated to version 8.9.3 or later.
PT-2025-51926
8.8
2025-12-17
Churchcrm · Churchcrm · CVE-2025-67877
**Nome do Software Vulnerável e Versões Afetadas** Versões do ChurchCRM anteriores à 6.5.3 **Descrição** O ChurchCRM, um sistema de gerenciamento de igrejas de código aberto, contém uma vulnerabilidade de injeção de SQL. A vulnerabilidade encontra-se no arquivo `src/CartToFamily.php`, especificamente no tratamento do parâmetro POST `PersonAddress`. O parâmetro `PersonAddress` não possui a conversão de tipo adequada, ao contrário de outros parâmetros no mesmo arquivo, permitindo a injeção de comandos SQL arbitrários. **Recomendações** Atualize para a versão 6.5.3 ou posterior.