CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
Configurations

Configuration 1

cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*

Information

Published : 2023-01-11 09:15

Updated : 2023-01-18 09:32


NVD link : CVE-2023-22952

Mitre link : CVE-2023-22952

Products Affected
No products.
CWE