SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the events response entry point allows SQL injection. Unauthenticated attackers can append additional SQL queries to existing queries, which can be used to extract sensitive information from the database.
View the template here: CVE-2024-36412.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-36412