CVE-2022-45185

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-45185

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45185.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-45185

Aliases

BIT-suitecrm-2022-45185

Published

2025-01-07T20:15:28.173Z

Modified

2026-04-10T04:52:24.457047Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type

GIT

Repo

https://github.com/salesagility/suitecrm

Events

Introduced

Last affected

7b6ac1bb788bf0904e05cea6d9069a5feeaab52f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.12.7"
        }
    ]
}

Affected versions

7.*

7.9.6

v.*

v.7.9.11

v7.*

v7.0.2

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.10.0

v7.10.1

v7.10.10

v7.10.11

v7.10.12

v7.10.2

v7.10.3

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.11.0

v7.11.1

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.17

v7.11.18

v7.11.2

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.12-rc

v7.12.0

v7.12.1

v7.12.2

v7.12.3

v7.12.4

v7.12.5

v7.12.6

v7.12.7

v7.2

v7.2.1

v7.2beta

v7.2beta2

v7.3

v7.3-beta

v7.3.1

v7.3.2

v7.4.1

v7.4.2

v7.4.3

v7.5-beta

v7.5-beta.2

v7.5.1

v7.6

v7.6.1

v7.7

v7.7-beta1

v7.7-beta2

v7.7-rc

v7.7-rc2

v7.7.2

v7.7.3

v7.7.4

v7.8.0

v7.8.0-beta

v7.8.0-beta.2

v7.8.0-rc

v7.8.1

v7.8.2

v7.9.0

v7.9.0-beta

v7.9.0-rc

v7.9.1

v7.9.10

v7.9.11

v7.9.12

v7.9.13

v7.9.14

v7.9.3

v7.9.4

v7.9.5

v7.9.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45185.json"