CVE-2024-49773

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1

Description: The issue is related to poor input validation in the export functionality, allowing an authenticated user to perform a SQL injection attack. The current post parameter in the export entry point can be exploited to perform blind SQL injection via the generateSearchWhere() function, potentially leading to information disclosure, including personally identifiable information.

Recommendations: For versions prior to 7.14.6, upgrade to version 7.14.6 or later. For versions prior to 8.7.1, upgrade to version 8.7.1 or later. As a temporary workaround, consider restricting access to the export entry point to minimize the risk of exploitation. Avoid using the current post parameter in the affected export entry point until the issue is resolved.