{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T11:26:02.193","vulnerabilities":[{"cve":{"id":"CVE-2026-29096","sourceIdentifier":"security-advisories@github.com","published":"2026-03-19T23:16:41.407","lastModified":"2026-03-24T14:58:53.023","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AOR_Reports module), the `field_function` parameter from POST data is saved directly into the `aor_fields` table without any validation. Later, when the report is executed/viewed, this value is concatenated directly into a SQL SELECT query without sanitization, enabling second-order SQL injection. Any authenticated user with Reports access can extract arbitrary database contents (password hashes, API tokens, config values). On MySQL with FILE privilege, this could lead to RCE via SELECT INTO OUTFILE. Versions 7.15.1 and 8.9.3 patch the issue."},{"lang":"es","value":"SuiteCRM es una aplicación de software de gestión de relaciones con clientes (CRM) de código abierto, lista para empresas. Antes de las versiones 7.15.1 y 8.9.3, al crear o editar un informe (módulo AOR_Reports), el parámetro 'field_function' de los datos POST se guarda directamente en la tabla 'aor_fields' sin ninguna validación. Más tarde, cuando el informe se ejecuta/visualiza, este valor se concatena directamente en una consulta SQL SELECT sin saneamiento, lo que permite una inyección SQL de segundo orden. Cualquier usuario autenticado con acceso a Informes puede extraer contenido arbitrario de la base de datos (hashes de contraseñas, tokens de API, valores de configuración). En MySQL con privilegio FILE, esto podría llevar a RCE a través de SELECT INTO OUTFILE. Las versiones 7.15.1 y 8.9.3 corrigen el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:*","versionEndExcluding":"7.15.1","matchCriteriaId":"73648654-E7F6-47CF-8E01-19BBFF737C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:suitecrm:suitecrm:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.9.3","matchCriteriaId":"C7E15DD3-A934-40A2-8B43-ABCCBB53CBCF"}]}]}],"references":[{"url":"https://docs.suitecrm.com/admin/releases/7.15.x","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-vh42-gmqm-q55m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}