ГлавнаяУязвимости → CVE-2022-50589
9.8критическая

CVE-2022-50589

Описание

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

Затрагиваемое ПО
Salesagility Suitecrm
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6https://www.vulncheck.com/advisories/suitecrm-sqli-via-export-functionality