CVE-2022-45185

HIGH8.8EPSS 0.37%

Published: 4/16/2025Modified: 4/16/2025

Description

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

Affected packages (1)

Bitnami/suitecrm>= 7.12.7, <= 7.12.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

WEBhttps://docs.suitecrm.com/admin/releases/7.12.x/
WEBhttps://github.com/Orange-Cyberdefense/CVE-repository/
WEBhttps://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_SuiteCRM.py
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-45185