VYPR
Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 28, 2025

SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

CVE-2022-50590

Description

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Suitecrm/Suitecrmllm-fuzzy2 versions
    <7.12.6+ 1 more
    • (no CPE)range: <7.12.6
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.