SuiteCRM LDAP Injection Vulnerability in Authentication Flow

Vulnerability

A vulnerability allowing LDAP injection has been identified in SuiteCRM versions prior to 7.15.1 and 8.9.3. This issue arises because the application does not adequately sanitize user input before incorporating it into the LDAP search filter. As a result, an unauthenticated attacker could inject LDAP control characters to manipulate the query logic, potentially leading to authentication bypass or unauthorized information disclosure.
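The defect class described above, as an added example that is not SuiteCRM's code: a login filter built by splicing the raw user name into the search string, beside the hardened form that escapes the value per RFC 4515 before insertion. The filter shape `(uid=<login>)` and the sample login name are assumptions made for illustration.

```python
# Added example (not SuiteCRM's code): how an LDAP search filter built from
# user input becomes injectable, and how RFC 4515 escaping removes the defect.
# The filter shape "(uid=<login>)" is an assumption for illustration.

# Characters with special meaning inside an LDAP filter assertion value
# (RFC 4515 section 3). Each must be replaced by a backslash and two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so the LDAP server treats it as a literal value.

    Each character is mapped independently, so no double-escaping can occur.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(login: str) -> str:
    """Vulnerable pattern: the raw login name is spliced into the filter."""
    return f"(uid={login})"


def build_login_filter(login: str) -> str:
    """Hardened pattern: the login name is escaped before being spliced in."""
    return f"(uid={escape_ldap_filter_value(login)})"


def value_has_filter_metachars(filt: str) -> bool:
    """Defensive check: after stripping the single outer '(uid=' ... ')',
    a correctly escaped value contains none of '(', ')' or '*'."""
    inner = filt[len("(uid="):-1]
    return any(ch in inner for ch in "()*")


# Constructed input: a login name that carries filter metacharacters.
SUSPICIOUS_LOGIN = "alice)(uid=*"

if __name__ == "__main__":
    for build in (build_login_filter_unsafe, build_login_filter):
        filt = build(SUSPICIOUS_LOGIN)
        flag = value_has_filter_metachars(filt)
        print(f"{build.__name__:26} -> {filt}  metachars_in_value={flag}")
```

Run stand-alone, the unsafe builder yields a filter with two assertions where one was intended, while the escaped version keeps the whole login name inside a single literal value.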

Impact

Exploitation of this vulnerability could result in authentication bypass or unauthorized information disclosure.

Remediation

Users can upgrade to SuiteCRM versions 7.15.1 or 8.9.3 to address this vulnerability.

Added: Mar 20, 2026, 12:19 AM
Updated: Mar 20, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.