CVE-2023-22952 — Actively Exploited: Multiple Products (SugarCRM)
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
| CVE ID | CVE-2023-22952 |
|---|---|
| Vendor | SugarCRM |
| Product | Multiple Products |
| Vulnerability name | Multiple SugarCRM Products Remote Code Execution Vulnerability |
| Date added | 2023-02-02 |
| Remediation due | 2023-02-23 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →