CVE-2022-50590

Sažetak

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

Reference

https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

06-11-2025 - 20:15

Objavljeno

06-11-2025 - 20:15