CVE-2023-5350

9.1 CRITICAL

📋 TL;DR

This CVE describes a SQL injection vulnerability in SuiteCRM versions prior to 7.14.1. Attackers can inject malicious SQL queries through user-controlled inputs, potentially allowing unauthorized database access, data manipulation, or complete system compromise. All organizations running vulnerable SuiteCRM instances are affected.

💻 Affected Systems

Products:
  • SuiteCRM
Versions: All versions prior to 7.14.1
Operating Systems: All platforms running SuiteCRM
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected SuiteCRM versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data exfiltration, modification, or deletion; potential remote code execution via database functions; full system takeover.

🟠 Likely Case

Unauthorized data access and extraction of sensitive CRM information including customer data, business records, and user credentials.

🟢 If Mitigated

Limited impact due to proper input validation, parameterized queries, and database permissions restricting unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized. The commit shows specific vulnerable code patterns that can be exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.14.1

Vendor Advisory: https://github.com/salesagility/suitecrm/commit/c43eaa311fb010b7928983e6afc6f9075c3996aa

Restart Required: No

Instructions:

1. Backup your SuiteCRM instance and database.
2. Update to SuiteCRM version 7.14.1 or later.
3. Verify the update completed successfully.
4. Test critical functionality.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation and sanitization for all user inputs before database queries.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection protection rules to block malicious requests.

🧯 If You Can't Patch

  • Implement strict database user permissions with least privilege principle
  • Deploy network segmentation to isolate SuiteCRM from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check the SuiteCRM version in the Admin panel or in the version.php file. If the version is below 7.14.1, the system is vulnerable.

Check Version:

grep -i 'suitecrm_version' suitecrm/version.php

Verify Fix Applied:

Verify that the version is 7.14.1 or higher in the Admin panel. Test previously vulnerable endpoints with SQL injection payloads.
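The grep above only shows the version line; deciding whether an instance is below 7.14.1 still needs a numeric comparison, and a plain string comparison gets it wrong once a fourth-level release such as 7.14.10 exists. The following Python is an added example, not part of this advisory or of SuiteCRM itself. It assumes the version file assigns a `$suitecrm_version` string (the same name the grep pattern above looks for) and uses a constructed version.php fragment as input.

```python
import re

# First fixed release named in this advisory.
PATCHED_VERSION = "7.14.1"

# Constructed sample of a version.php fragment; assumes the file assigns
# $suitecrm_version as a quoted string. Not taken from a real install.
SAMPLE_VERSION_PHP = (
    "<?php\n"
    "$suitecrm_version = '7.14.0';\n"
    "$suitecrm_timestamp = '2023-01-01 00:00:00';\n"
)


def parse_suitecrm_version(php_source: str):
    """Extract the $suitecrm_version string from version.php source.

    Returns None when the assignment is not present, so the caller can tell
    'unknown' apart from 'patched'.
    """
    m = re.search(r"\$suitecrm_version\s*=\s*['\"]([^'\"]+)['\"]", php_source)
    return m.group(1) if m else None


def version_tuple(version: str):
    """Turn '7.14.1' into (7, 14, 1) so comparison is numeric.

    Lexical comparison would rank '7.14.10' below '7.14.1'. A trailing suffix
    such as '-rc1' is ignored by taking only the leading digits of each piece.
    """
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version is older than the first fixed release."""
    a, b = version_tuple(installed), version_tuple(patched)
    # Pad to equal length so '7.14' compares as 7.14.0 rather than as a shorter tuple.
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def assess_version_file(php_source: str) -> dict:
    """Combine parsing and comparison into one verdict for a version.php body."""
    found = parse_suitecrm_version(php_source)
    if found is None:
        return {"version": None, "vulnerable": None, "note": "version string not found"}
    return {"version": found, "vulnerable": is_vulnerable(found), "note": ""}


if __name__ == "__main__":
    # Run against the constructed sample; replace with open(path).read() for a real file.
    print(assess_version_file(SAMPLE_VERSION_PHP))
```

The verdict `None` for an unparseable file is deliberate: a check that silently reports "not vulnerable" when it cannot read the version is worse than one that says it does not know.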

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts followed by SQL syntax in requests
  • Requests with SQL keywords like UNION, SELECT, INSERT in parameters

Network Indicators:

  • HTTP requests containing SQL syntax in GET/POST parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="suitecrm.logs" AND ("SQL syntax" OR "mysql_error" OR "UNION SELECT" OR "' OR '1'='1")
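The SIEM query above is a raw substring match. The Python below is an added example, not part of this advisory, that applies the same log and network indicators listed in this section to a few constructed log lines: it URL-decodes each query parameter of an access-log request so that encoded payloads are not missed, flags the tautology and SQL-keyword patterns per parameter, and separately flags SQL error messages in application-log lines. The log formats and sample lines are made up for the example; field names such as `module` and `record` are assumed, not taken from the vulnerable endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines: three access-log entries and one application-log
# entry. None of these come from a real SuiteCRM deployment.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?module=Accounts&action=index HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?module=Accounts&record=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4096',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?module=Accounts&order_by=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 312',
    "Mon Jan  1 10:00:03 2024 [FATAL] Query Failed: MySQL error 1064: You have an error in your SQL syntax",
]

# Indicators taken from the advisory's detection section. Keyword matching is
# made slightly stricter than a bare word list (UNION ... SELECT, or a DML verb
# followed by FROM/INTO) to cut noise from ordinary English text in CRM fields.
TAUTOLOGY_RE = re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)
SQL_KEYWORD_RE = re.compile(
    r"\bUNION\b.*\bSELECT\b|\b(?:SELECT|DELETE)\b.*\bFROM\b|\bINSERT\b.*\bINTO\b",
    re.IGNORECASE,
)
SQL_ERROR_RE = re.compile(r"SQL syntax|mysql_error|Query Failed", re.IGNORECASE)
# Request line inside a combined/common access-log entry.
REQUEST_RE = re.compile(r'"(GET|POST)\s+(\S+)\s+HTTP/')


def inspect_request_params(url: str):
    """Decode every query parameter and return (name, value, reason) triples
    for values carrying the tautology or SQL keyword patterns."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if TAUTOLOGY_RE.search(value):
            hits.append((name, value, "tautology"))
        elif SQL_KEYWORD_RE.search(value):
            hits.append((name, value, "sql-keyword"))
    return hits


def scan_log_line(line: str):
    """Return a list of findings for one line; empty when nothing matched."""
    findings = []
    m = REQUEST_RE.search(line)
    if m:
        # Access-log line: inspect the decoded parameters, not the raw URL.
        for name, value, reason in inspect_request_params(m.group(2)):
            findings.append({"type": "request", "param": name, "reason": reason})
    elif SQL_ERROR_RE.search(line):
        # Application-log line: a database error is the 'unusual SQL error' indicator.
        findings.append({"type": "app-log", "reason": "sql-error"})
    return findings


def scan_logs(lines):
    """Scan a sequence of lines and tag each finding with its line index."""
    results = []
    for idx, line in enumerate(lines):
        for finding in scan_log_line(line):
            finding["line"] = idx
            results.append(finding)
    return results


if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding)
```

Decoding before matching matters because the substring query in this section would not match `%27%20OR%20%271%27%3D%271` in a raw access log. The tautology pattern is the higher-confidence signal; the keyword pattern still needs tuning against the normal traffic of a given instance, and the SQL error indicator is only as good as the application's logging of database failures.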
