CVE-2021-45041

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.12.2 and earlier, 8.x versions prior to 8.0.1

Description: The issue allows authenticated SQL injection via the Tooltips action in the Project module, involving resource id and start date. This can be exploited by authenticated users.

Recommendations: For SuiteCRM versions 7.12.2 and earlier, update to version 7.12.2 or later. For SuiteCRM 8.x versions prior to 8.0.1, update to version 8.0.1 or later. As a temporary workaround, consider restricting access to the Tooltips action in the Project module until a patch is available.