PT-2025-45365 · Suitecrm · Suitecrm
Exodus Intelligence · Published 2022-03-02 · Updated 2025-11-24
CVE-2022-50590
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:C/A:P
Name of the Vulnerable Software and Affected Versions
SuiteCRM versions prior to 7.12.6
Description
SuiteCRM contains a type confusion issue in the processing of the module parameter within the deleteAttachment functionality. Successful exploitation could allow remote, unauthenticated attackers to alter database objects, including the ability to change the administrator's email address. The issue involves accessing a resource through incompatible types when handling the module parameter.
Recommendations
Update to version 7.12.6 or later.
Fix
Type Confusion
Affected Products
Suitecrm