CVE-2023-22952

Multiple SugarCRM Products Remote Code Execution Vulnerability

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates. Vendor/Product: SugarCRM Multiple Products. Added to CISA KEV 2023-02-02; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2023-22952