CVE-2023-22952
Multiple SugarCRM Products Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
80.3%
p100
KEV
YES
Feb 2, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
SugarCRM / Multiple Products
Vulnerability
Multiple SugarCRM Products Remote Code Execution Vulnerability
Added to KEV
Feb 2, 2023
Remediate by
Feb 23, 2023
Known ransomware use
No
Summary description
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
Required action
Apply updates per vendor instructions.
Notes
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/; https://nvd.nist.gov/vuln/detail/CVE-2023-22952
No related CVEs by CWE or product.