CVE-2022-50589

9.8 CRITICAL

📋 TL;DR

This is a critical SQL injection vulnerability in SuiteCRM's export functionality that allows unauthenticated remote attackers to execute arbitrary SQL commands. Successful exploitation can lead to remote code execution, data theft, and complete system compromise. All SuiteCRM instances prior to version 7.12.6 are affected.

💻 Affected Systems

Products:
  • SuiteCRM
Versions: All versions prior to 7.12.6
Operating Systems: All platforms running SuiteCRM
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in a default installation; no special configuration is required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover via remote code execution, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Database compromise leading to sensitive data theft, privilege escalation, and potential ransomware deployment.

🟢 If Mitigated

Limited impact with proper network segmentation, WAF rules, and minimal database privileges.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available; simple HTTP requests can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.12.6

Vendor Advisory: https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6

Restart Required: No

Instructions:

1. Back up your SuiteCRM instance and database.
2. Download SuiteCRM 7.12.6 or later.
3. Follow the official upgrade instructions from the SuiteCRM documentation.
4. Verify the patch is applied by checking the version.

🔧 Temporary Workarounds

Web Application Firewall Rule

all

Block malicious SQL injection patterns in the export functionality

WAF-specific rules to block SQL patterns in the 'uid' parameter

Disable Export Functionality

all

Temporarily disable the vulnerable export feature

Modify the SuiteCRM configuration to disable the export module

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SuiteCRM from critical systems
  • Apply principle of least privilege to database accounts used by SuiteCRM

🔍 How to Verify

Check if Vulnerable:

Check the SuiteCRM version in the admin panel or in the version.php file

Check Version:

grep 'suitecrm_version' suitecrm/version.php

Verify Fix Applied:

Confirm the version is 7.12.6 or later in the admin interface

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple export requests with suspicious 'uid' parameters
  • Error logs showing SQL syntax errors

Network Indicators:

  • HTTP POST requests to export endpoints with SQL patterns in parameters
  • Unusual outbound database connections from web server

SIEM Query:

source="web_logs" AND uri="/index.php?module=Export&action=export" AND param="uid" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "--")
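As an added example (not part of this advisory), the following Python script applies the same detection logic as the SIEM query above to web-server access logs: it parses combined-format lines, keeps only requests to the Export module's export action, and flags any 'uid' value that carries an SQL fragment after URL decoding. The log lines are constructed samples, and a legitimate comma-separated 'uid' list is included to show it is not flagged.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# SQL fragments the advisory lists for the 'uid' parameter, plus a few obvious companions.
SQL_PATTERNS = re.compile(r"(UNION|SELECT|--|/\*|'|;)", re.IGNORECASE)

# Constructed sample lines in Apache/Nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php?module=Export&action=export&uid=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2024:10:00:02 +0000] "POST /index.php?module=Export&action=export&uid=1%27%20UNION%20SELECT%201--%20 HTTP/1.1" 500 0 "-" "curl/7.88"
198.51.100.7 - - [10/Jan/2024:10:00:03 +0000] "GET /index.php?module=Accounts&action=index HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2024:10:00:04 +0000] "GET /index.php?module=Export&action=export&uid=7,8,9 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one combined-format line into a dict with the query string split out."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return rec

def is_export_request(rec):
    q = rec["query"]
    return (rec["path"].endswith("/index.php")
            and q.get("module", [""])[0] == "Export"
            and q.get("action", [""])[0] == "export")

def suspicious_uid(rec):
    """Return the first 'uid' value containing an SQL fragment, or None."""
    for uid in rec["query"].get("uid", []):
        # Decode once more so a double-encoded payload is also caught.
        if SQL_PATTERNS.search(unquote_plus(uid)):
            return uid
    return None

def scan(log_text):
    """Return (ip, method, uid, status) for every export request with a suspicious uid."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_export_request(rec):
            bad = suspicious_uid(rec)
            if bad is not None:
                hits.append((rec["ip"], rec["method"], bad, rec["status"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious export request:", hit)
```

Note that the match on POST requests only sees parameters in the URL; inspecting form bodies requires request-body logging from the web server or a WAF.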

🔗 References