🔐 CVE Alert

CVE-2022-50589

UNKNOWN 0.0

SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

CWE CWE-89
Vendor suitecrm
Product suitecrm
Published Nov 6, 2025
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for suitecrm suitecrm

Be the first to know when new unknown vulnerabilities affecting suitecrm suitecrm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SuiteCRM / SuiteCRM
0 < 7.12.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗
docs.suitecrm.com: https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6 blog.exodusintel.com: https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/ vulncheck.com: https://www.vulncheck.com/advisories/suitecrm-sqli-via-export-functionality

Credits

Exodus Intelligence