Описание
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-50590
- https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability
- https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
- https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality
Связанные уязвимости
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
Уязвимость функции deleteAttachment системы управления взаимоотношениями с клиентами SuiteCRM, позволяющая нарушителю получить доступ на чтение и изменение данных