Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 28, 2025
SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality
CVE-2022-50590
Description
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- docs.suitecrm.com/admin/releases/7.12.x/mitrevendor-advisorypatch
- www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionalitymitrethird-party-advisory
- blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/mitretechnical-description
News mentions
0No linked articles in our index yet.