CVE-2023-22952

Description

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

Related CPE's

asugarcrmsugarcrm********

asugarcrmsugarcrm********

References

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io