CVE-2022-23940

EPSS 44.87% · P98 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-23940

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

SuiteCRM 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SuiteCRM是SuiteCRM（Suitecrm）团队的一个客户关系管理系统。 SuiteCRM 7.12.1版本及之前版本、8.x版本至8.0.1版本存在安全漏洞，该漏洞源于SuiteCRM允许远程代码执行。攻击者可以在 email_recipients 属性中利用 PHP 反序列化来实现此目的。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-23940

#	POC Description	Source Link	Shenlong Link
1	PoC for CVE-2022-23940	https://github.com/manuelz120/CVE-2022-23940	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-23940

请登录查看更多情报信息。

https://docs.suitecrm.com/8.x/admin/releases/8.0/x_refsource_MISC
https://github.com/manuelz120x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2022-23940

Same Patch Batch · n/a · 2022-03-07 · 46 CVEs total

CVE-2022-25217		Phicomm 多款产品信任管理问题漏洞
CVE-2022-25213		Phicomm 多款产品信任管理问题漏洞
CVE-2022-25219		Phicomm 多款产品安全漏洞
CVE-2021-34340		Ming 缓冲区错误漏洞
CVE-2021-34339		Ming 缓冲区错误漏洞
CVE-2021-34338		Ming 缓冲区错误漏洞
CVE-2022-26662		Tryton 安全漏洞
CVE-2022-26661		Tryton 代码问题漏洞
CVE-2021-34341		Ming 缓冲区错误漏洞
CVE-2022-25218		多款PHICOMM产品加密问题漏洞
CVE-2022-25215		Phicomm多款产品安全漏洞
CVE-2022-25214		Phicomm多款产品安全漏洞
CVE-2022-25243		HashiCorp Vault 信任管理问题漏洞
CVE-2022-25244		HashiCorp Vault 安全漏洞
CVE-2020-36517		Home Assistant 安全漏洞
CVE-2021-41657		SmartBear CodeCollaborator 输入验证错误漏洞
CVE-2021-43970		Quicklert 代码问题漏洞
CVE-2021-43969		Quicklert SQL注入漏洞
CVE-2022-22834		OverIT Geocall 安全漏洞
CVE-2022-22835		OverIT Geocall 代码问题漏洞

Showing top 20 of 46 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-23940

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-23940

I. Basic Information for CVE-2022-23940

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-23940

III. Intelligence Information for CVE-2022-23940

Same Patch Batch · n/a · 2022-03-07 · 46 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-23940

Leave a comment