SuiteCRM Authenticated Database Leak Vulnerability

Vulnerability

A vulnerability allowing authenticated users to access arbitrary database fields has been identified in SuiteCRM versions through 7.12.7. This issue arises from improper handling of user permissions, enabling unauthorized data access.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive database information, which could include user data or application configurations.

Reproduction

To reproduce this vulnerability, log into SuiteCRM with an authenticated account. Navigate to the 'Home' module and use the 'Advanced Search' feature to search for a specific employee. After initiating the search, open the 'Employees' module and retrieve the 'whoami' command output; its presence confirms successful exploitation.

Remediation

Users are advised to upgrade to SuiteCRM version 7.12.8 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.