Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2023-22952

SugarCRM | Multiple ProductsAdded 2023-02-02Remediation Deadline 2023-02-23

Multiple SugarCRM Products Remote Code Execution Vulnerability

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-20

References