SQL Injection Vulnerability in SuiteCRM by SalesAgility
CVE-2022-50589

9.3CRITICAL

Key Information:

Vendor

Suitecrm

Status
Suitecrm
Vendor
CVE Published:
6 November 2025

What is CVE-2022-50589?

SuiteCRM prior to version 7.12.6 is susceptible to a SQL injection vulnerability in the 'export' functionality, specifically in the handling of the 'uid' parameter. This flaw allows remote unauthenticated attackers to exploit the vulnerability, leading to the potential execution of arbitrary code. Prompt attention to this vulnerability is essential to safeguard systems against unauthorized access and data breaches. Users are advised to upgrade to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

SuiteCRM 0 < 7.12.6

References

https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
vendor-advisorypatch
https://blog.exodusintel.com/2022/06/09/salesagility-suit...
technical-description
https://www.vulncheck.com/advisories/suitecrm-sqli-via-ex...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Exodus Intelligence
JSON
.
CVE-2022-50589 : SQL Injection Vulnerability in SuiteCRM by SalesAgility