CVE-2019-25663

HIGH NVD

CVSS Score 7.1

Severity HIGH

Published Apr 05, 2026

Vendor unknown

Description

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information.

References

https://suitecrm.com/
https://suitecrm.com/download/
https://www.exploit-db.com/exploits/46310
https://www.vulncheck.com/advisories/suitecrm-sql-injection-via-parenttab-parameter