THREATOPS
THREAT OPSCVEs › CVE-2023-22952

CVE-2023-22952 — Multiple SugarCRM Products Remote Code Execution Vulnerability

CISA KEVExploited: confirmedSugarCRM

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

Vulnerability details