{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2019-25664/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2019-25664"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2019-25664","suitecrm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSuiteCRM 7.10.7 is susceptible to a time-based SQL injection vulnerability (CVE-2019-25664) affecting the \u003ccode\u003erecord\u003c/code\u003e parameter within the \u003ccode\u003eUsers\u003c/code\u003e module\u0026rsquo;s \u003ccode\u003eDetailView\u003c/code\u003e action. This flaw enables authenticated attackers to inject arbitrary SQL code into database queries by manipulating the \u003ccode\u003erecord\u003c/code\u003e parameter within GET requests directed to the \u003ccode\u003eindex.php\u003c/code\u003e endpoint. By exploiting this vulnerability, attackers can leverage time-based blind SQL injection techniques to extract sensitive database information. This vulnerability poses a significant risk to organizations utilizing vulnerable versions of SuiteCRM as it can lead to unauthorized access to sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the SuiteCRM application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious GET request targeting the \u003ccode\u003eindex.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003erecord\u003c/code\u003e parameter of the GET request, specifically targeting the \u003ccode\u003eUsers\u003c/code\u003e module\u0026rsquo;s \u003ccode\u003eDetailView\u003c/code\u003e action.\u003c/li\u003e\n\u003cli\u003eThe SuiteCRM application processes the crafted request without proper sanitization of the \u003ccode\u003erecord\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed within the context of the database query.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages time-based SQL injection techniques to infer information about the database structure and content by observing the response times.\u003c/li\u003e\n\u003cli\u003eSensitive data is extracted from the database through repeated time-based injection attacks.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates the extracted data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to the unauthorized disclosure of sensitive data stored within the SuiteCRM database. The scope of the impact depends on the level of access granted to the compromised user account, but could include customer data, financial information, or other confidential business data. While there is no count on victims available, all SuiteCRM 7.10.7 installations are vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of SuiteCRM that addresses CVE-2019-25664 to remediate the SQL injection vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect exploitation attempts targeting the vulnerable \u003ccode\u003eindex.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within the SuiteCRM application to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious GET requests containing potentially malicious SQL code in the \u003ccode\u003erecord\u003c/code\u003e parameter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T21:16:43Z","date_published":"2026-04-05T21:16:43Z","id":"/briefs/2026-04-suitecrm-sqli/","summary":"SuiteCRM 7.10.7 is vulnerable to time-based SQL injection in the record parameter of the Users module DetailView action, allowing authenticated attackers to manipulate database queries and potentially extract sensitive information.","title":"SuiteCRM 7.10.7 Time-Based SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-suitecrm-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2019-25664","version":"https://jsonfeed.org/version/1.1"}