CVE-2023-22952: Multiple SugarCRM Products Remote Code Execution

Multiple SugarCRM Products Remote Code Execution Vulnerability. Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

• CISA KEV-listed (remediation due 2023-02-23)
• EPSS 93.1% (99.8% percentile)

Browse the CVE database

Read the full analysis on IntelFusions