CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within theprocessing of the module parameter within the deleteAttachment functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality