CVE-2022-50589
CRITICALSuiteCRM < 7.12.6 - Unauthenticated SQL Injection via Export Functionality UID Parameter
Title source: llmDescription
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.
References (3)
Core 3
Core References
Release Notes vendor-advisory
patch
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
Third Party Advisory technical-description
https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/suitecrm-sqli-via-export-functionality
Scores
CVSS v3
9.8
EPSS
0.0063
EPSS Percentile
45.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
salesagility/suitecrm
< 7.12.6
Published
Nov 06, 2025
Tracked Since
Feb 18, 2026