What is CVE-2022-23940?

CVE-2022-23940 is a vulnerability in N/a. Published 2022-03-07.

Is CVE-2022-23940 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a cra…

EPSS: 0.542 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

manuelz120/CVE-2022-23940
0xD13/OSCP-Prep-Guide
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
EssenceCyber/Exploit-List
Mr-Tree-S/POC_
NaInSec/CVE-PoC-in-GitHub
SYRTI/POC_
WhooAmii/POC_
crac-learning/CVE-analysis-reports

References

github.com/manuelz120 (x_refsource_MISC)
docs.suitecrm.com/8.x/admin/releases/8.0/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-23940?: CVE-2022-23940 is a vulnerability in N/a. Published 2022-03-07.
Is CVE-2022-23940 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.