SalesAgility SuiteCRM SQL Injection Vulnerability in Export Functionality Allowing Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in SalesAgility SuiteCRM versions prior to 7.12.6. The issue arises in the 'export' functionality, specifically in the processing of the 'uid' parameter. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows SQL injection, which could be used to manipulate database queries. In this case, it could be escalated to remote code execution on the server.

Remediation

Users are advised to upgrade to SuiteCRM version 7.12.6 or later.
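The advisory names the class of defect (a request parameter reaching SQL text unvalidated) without showing what the fix looks like. The following is an added illustration, not SuiteCRM's own code and not its real schema: a generic export routine written against an in-memory SQLite table, once in the vulnerable string-splicing form and once in a hardened form that allow-list validates each comma-separated record id as a GUID and binds the ids as query parameters. The table name, column names, sample rows and GUID format are assumptions chosen for the example.

```python
import re
import sqlite3

# Constructed sample data; this is not SuiteCRM's schema or code.
SAMPLE_ROWS = [
    ("0a1b2c3d-1111-4222-8333-444455556666", "Acme Corp", 0),
    ("0a1b2c3d-2222-4222-8333-444455556666", "Globex", 0),
    ("0a1b2c3d-3333-4222-8333-444455556666", "Retired Ltd", 1),  # soft-deleted row
]

# Assumption: record ids are 36-character GUIDs; anything else is rejected.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)


def make_db():
    """Create an in-memory table standing in for a CRM module table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, name TEXT, deleted INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def export_unsafe(conn, uid):
    """Vulnerable pattern: the raw request parameter is spliced into the SQL text.

    Anything the client puts in uid becomes part of the WHERE clause, so the
    deleted = 0 filter (and any other condition) can be rewritten by the caller.
    """
    id_list = "','".join(uid.split(","))
    sql = f"SELECT id, name FROM accounts WHERE deleted = 0 AND id IN ('{id_list}')"
    return conn.execute(sql).fetchall()


def parse_uid(uid):
    """Allow-list validation: every comma-separated element must be a GUID."""
    ids = [u.strip() for u in uid.split(",") if u.strip()]
    if not ids:
        raise ValueError("uid is empty")
    bad = [u for u in ids if not GUID_RE.match(u)]
    if bad:
        raise ValueError(f"rejected {len(bad)} malformed record id(s)")
    return ids


def export_safe(conn, uid):
    """Hardened pattern: validate the ids, then bind them as query parameters.

    The SQL text only ever contains '?' placeholders; the ids travel as data,
    so they cannot change the structure of the query.
    """
    ids = parse_uid(uid)
    placeholders = ",".join("?" for _ in ids)
    sql = f"SELECT id, name FROM accounts WHERE deleted = 0 AND id IN ({placeholders})"
    return conn.execute(sql, ids).fetchall()


if __name__ == "__main__":
    db = make_db()
    valid = "0a1b2c3d-1111-4222-8333-444455556666,0a1b2c3d-2222-4222-8333-444455556666"
    hostile = "x') OR 1=1 --"  # constructed tautology input for the demonstration
    print("unsafe, hostile uid:", export_unsafe(db, hostile))  # returns all 3 rows
    print("safe, valid uid:", export_safe(db, valid))           # returns the 2 live rows
    try:
        export_safe(db, hostile)
    except ValueError as exc:
        print("safe, hostile uid rejected:", exc)
```

The validation step matters independently of the parameter binding: a malformed id is rejected before any query is built, which is also the point at which a web application firewall or application log should record the event for detection.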

Added: Nov 6, 2025, 10:17 PM
Updated: Nov 6, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 10.0
exploitability: 8.1
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.