216.73.217.86

CVE-2022-50589

· Published 06/11/2025 20:15 · Modified 24/11/2025 19:07

Labels: CVE-2022-50589 2025-11-06CVE-2022-50589CWE-89[email protected]

Essential information

Published
06/11/2025 20:15
Modified
24/11/2025 19:07
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
salesagility / suitecrm cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*

References