CVE-2022-50590

High CVSS: 8.8

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

Vendor

Salesagility

Product

Suitecrm

CWE

CWE-843

Yayın Tarihi

2025-11-06 20:15:36

Güncelleme

2025-11-24 19:05:39

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-843 Suitecrm HIGH Salesagility 2025

Referanslar

https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/ https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6 https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality

Benzer Kayıtlar

High

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0…

Medium

CVE-2025-64493

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.…

Medium

CVE-2025-64491

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64489

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.…