All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2023-22952
NONEKEVpublish date unavailable
CVSS / 10
// description
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2023-02-02 00:00 UTC