SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the pare…

Published: 4 April 2026 at 22:00:00

Alert date: 5 April 2026 at 22:09:03

Source: nvd.nist.gov

Web Technologies, Database & Storage

SuiteCRM version 7.10.7 contains a SQL injection vulnerability affecting authenticated users. The vulnerability exists in the parentTab parameter of the email module, allowing attackers to manipulate database queries through GET requests. Attackers can exploit this using boolean-based SQL injection techniques to extract sensitive database information. The vulnerability requires authentication but allows for database manipulation and information disclosure. Multiple advisories and exploit code are available publicly for this CVE.
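
A defensive check for the issue described above, as an added example that is not part of the advisory or of SuiteCRM's code: it scans web-server access logs for GET requests whose parentTab value is not a plain tab label. The Combined Log Format, the allowlist pattern, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate parentTab values are short, plain tab labels.
SAFE_TAB = re.compile(r"[A-Za-z0-9 _-]{1,64}")
# Combined Log Format: client, ident, user, [time], "METHOD target PROTO", ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def suspicious_parent_tab(line):
    """Return (client_ip, decoded_value) for a GET with an unsafe parentTab."""
    m = LOG_LINE.match(line)
    if not m or m["method"] != "GET":
        return None
    # parse_qs percent-decodes, so encoded quotes and operators become visible.
    query = parse_qs(urlsplit(m["target"]).query)
    for value in query.get("parentTab", []):
        if not SAFE_TAB.fullmatch(value):
            return m["ip"], value
    return None

def scan(lines):
    """Collect all hits plus a per-client count; repeated hits from one
    client fit the many-request pattern of boolean-based extraction."""
    hits = [h for h in map(suspicious_parent_tab, lines) if h]
    return hits, Counter(ip for ip, _ in hits)

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [05/Apr/2026:10:00:01 +0000] "GET /index.php?module=Emails&action=index&parentTab=Collaboration HTTP/1.1" 200 5120',
    '198.51.100.23 - - [05/Apr/2026:10:00:05 +0000] "GET /index.php?module=Emails&action=index&parentTab=Collaboration%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [05/Apr/2026:10:00:06 +0000] "GET /index.php?module=Emails&action=index&parentTab=Collaboration%27%20AND%20%271%27%3D%272 HTTP/1.1" 200 1874',
    '203.0.113.7 - - [05/Apr/2026:10:00:09 +0000] "POST /index.php HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    hits, per_client = scan(SAMPLE)
    for ip, value in hits:
        print(f"{ip} parentTab={value!r}")
    print(dict(per_client))
```

The allowlist flags anything that is not a simple label instead of matching SQL keywords, so it does not depend on how a payload is written or encoded.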

Technical details

Mitigation steps:

Affected products:

SuiteCRM

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website shows information obtained from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.