CVE-2023-22952
Multiple SugarCRM Products Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
80.3%
p100
KEV
SÍ
2 feb 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
SugarCRM / Multiple Products
Vulnerabilidad
Multiple SugarCRM Products Remote Code Execution Vulnerability
Añadido a KEV
2 feb 2023
Remediar antes de
23 feb 2023
Uso conocido en ransomware
No
Descripción resumida
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
Acción requerida
Apply updates per vendor instructions.
Notas
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/; https://nvd.nist.gov/vuln/detail/CVE-2023-22952
Sin CVEs relacionados por CWE o producto.