CVE-2023-22952 - Multiple SugarCRM Products Remote Code Execution Vulnerability
Project: SugarCRM
Product: Multiple Products
Date Added: 2023-02-02
Due Date: 2023-02-23
Vulnerability Name
Multiple SugarCRM Products Remote Code Execution Vulnerability
Description
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/
https://nvd.nist.gov/vuln/detail/CVE-2023-22952