CVE-2024-36419

Severity CVSS v4.0:
Pending analysis
Type:
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
10/06/2024
Last modified:
19/09/2024

Description

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* 8.6.1 (excluding)