Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 28, 2025

SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

CVE-2022-50590

Description

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

Affected products

Suitecrm/Suitecrmv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.suitecrm.com/admin/releases/7.12.x/mitrevendor-advisorypatch
www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionalitymitrethird-party-advisory
blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/mitretechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000