PT-2026-30473 · Suitecrm · Suitecrm
Mehmet Emiroglu
·
Published
2026-04-05
·
Updated
2026-04-05
·
CVE-2019-25664
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suitecrm