Vulnerability CVE-2023-22952
Published: 2023-01-11

Description:
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

See advisories in our WLB2 database:
Topic
Author
Date
High
SugarCRM unauthenticated Remote Code Execution (RCE)
DANG
07.10.2025

 References:
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/
Copyright 2025, cxsecurity.com

 

Back to Top