CVE-2023-22952 - Multiple SugarCRM Products Remote Code Execution Vulnerability
SugarCRM | Multiple Products
- Date Added
2023-02-02
- Due Date
2023-02-23
- Vulnerability Name
Multiple SugarCRM Products Remote Code Execution Vulnerability
- Description
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply updates per vendor instructions.
- Additional Notes
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/; https://nvd.nist.gov/vuln/detail/CVE-2023-22952