← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-22952 — Actively Exploited: Multiple Products (SugarCRM)

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

CVE IDCVE-2023-22952
VendorSugarCRM
ProductMultiple Products
Vulnerability nameMultiple SugarCRM Products Remote Code Execution Vulnerability
Date added2023-02-02
Remediation due2023-02-23
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionMultiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →