CVE-2026-33288 in SuiteCRMالمعلومات

الملخص

بحسب MITRE • 20/03/2026

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize the user-supplied username before using it in a local database query. An attacker with valid, low-privilege directory credentials can exploit this to execute arbitrary SQL commands, leading to complete privilege escalation (e.g., logging in as the CRM Administrator). Versions 7.15.1 and 8.9.3 patch the issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

18/03/2026

إفشاء

20/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-351981

CPE

جاهز

CWE

CWE-89 (مؤكد)

CVSS

8.8 (CNA)

EPSS

0.00068

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33288
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33288
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33288/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!