🔐 CVE Alert

CVE-2022-50590

UNKNOWN 0.0

SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

CWE CWE-843
Vendor suitecrm
Product suitecrm
Published Nov 6, 2025
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for suitecrm suitecrm

Be the first to know when new unknown vulnerabilities affecting suitecrm suitecrm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SuiteCRM / SuiteCRM
0 < 7.12.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗
docs.suitecrm.com: https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6 blog.exodusintel.com: https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/ vulncheck.com: https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality

Credits

Exodus Intelligence