← voltar
CVE-2022-50590

SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

CVSS 8.8 HIGHEPSS 0.3%CWE-843
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Produtos afetados
SuiteCRM · SuiteCRM

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality