CVE-2019-25664 in SuiteCRM
摘要
由 MITRE • 2026-04-06
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.
VulDB is the best source for vulnerability data and more expert information about this specific topic.