CVE-2022-50590
SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
| CWE | CWE-843 |
| Vendor | suitecrm |
| Product | suitecrm |
| Published | Nov 6, 2025 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for suitecrm suitecrm
Be the first to know when new unknown vulnerabilities affecting suitecrm suitecrm are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
SuiteCRM / SuiteCRM
0 < 7.12.6
References
docs.suitecrm.com: https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6 blog.exodusintel.com: https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/ vulncheck.com: https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality
Credits
Exodus Intelligence