Primary

Context

SuiteCRM Type Confusion Vulnerability in 'deleteAttachment' Functionality Allowing Database Manipulation

Vulnerability

Patched

A type confusion vulnerability has been identified in SuiteCRM versions prior to 7.12.6. The issue arises in the 'deleteAttachment' feature, specifically within the 'module' parameter processing. Exploitation of this vulnerability enables remote, unauthenticated attackers to modify database objects, including changing the administrator's email address.

Impact

Exploitation of this vulnerability allows for unauthorized modification of database objects, with the potential to change critical information such as the administrator's email address.

Remediation

Users are advised to upgrade to SuiteCRM version 7.12.6 or later, where this vulnerability has been addressed.

Added: Nov 6, 2025, 10:16 PM

Updated: Nov 6, 2025, 10:16 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

5.0

exploitability

8.1

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

5.0

exploitability

8.1

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SuiteCRM Type Confusion Vulnerability in 'deleteAttachment' Functionality Allowing Database Manipulation

Vulnerability

Impact

Remediation

Affected Products

SalesAgility SuiteCRM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating