CVE-2022-45185

Published: Jan 7, 2025Modified: Apr 15, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

Affected (1)

Products: Salesagility: Suitecrm

Salesagility

1 product

Suitecrm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Salesagility Suitecrm	Version 7.12.7

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://docs.suitecrm.com/admin/releases/7.12.x/

Source: cve@mitre.org

Release Notes

https://github.com/Orange-Cyberdefense/CVE-repository/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_SuiteCRM.py

Source: cve@mitre.org

Exploit

https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_SuiteCRM.py

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.