2 matches found
CVE-2022-50590 SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...
CVE-2022-50590
SuiteCRM prior to 7.12.6 has a type confusion flaw in the deleteAttachment module parameter handling. This allows remote, unauthenticated attackers to alter database objects, including changing the administrator’s email. The issue affects SuiteCRM versions before 7.12.6; fixes are provided in 7.1...