CVE-2022-50589

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.12.6

Description SuiteCRM’s export functionality has a SQL injection issue due to a failure to sanitize SQL query structure when processing the uid parameter. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code.

Recommendations Update to SuiteCRM version 7.12.6 or later.

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2025-13971

CVE-2022-50589

Affected Products

Suitecrm

CVE-2022-50589

Weakness Enumeration

Related Identifiers

Affected Products

References · 8