CVE-2022-45185
HIGH
SalesAgility SuiteCRM - Insecure Deserialization
Title source: rule
Description
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
Scores
CVSS v3
8.8
EPSS
0.0027
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (1)
salesagility/suitecrm
Timeline
Published
Jan 07, 2025
Tracked Since
Feb 18, 2026