
CVE-2023-22952 - Multiple SugarCRM Products Remote Code Execution Vulnerability

SugarCRM | Multiple Products

  • Date Added: 2023-02-02
  • Due Date: 2023-02-23

Vulnerability Name

Multiple SugarCRM Products Remote Code Execution Vulnerability

Description

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/; https://nvd.nist.gov/vuln/detail/CVE-2023-22952
