CNNVD-202511-515 Information
CNNVD ID
CNNVD-202511-515
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
SuiteCRM是SuiteCRM团队的一个客户关系管理系统。 SuiteCRM 7.12.6之前版本存在安全漏洞,该漏洞源于处理deleteAttachment功能中的module参数时存在类型混淆,可能导致未经验证的远程攻击者更改数据库对象。
Description (English)
SuiteCRM is a customer relationship management system for the SuiteCRM team. The previous version of SuiteCR 7.12.6 had a security loophole, which stemmed from the type of confusion in dealing with the Module parameters in the deleteAttachment function, which could result in unverified remote assailants changing the database objects.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
SuiteCRM
Published
2025-11-06
Last Modified
2026-02-24
References
https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability/ https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6 https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality
Patch
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
Share on: