ID	1090501690
Created	Feb 28, 2023
Updated	Feb 28, 2023
Severity
Default Action	pass
Active
Affected OS	Windows, Linux, BSD, Solaris, MacOS
Affected App	PHP_app
Engine Version	5.0.1 or later

Legend

Enabled/Available
Disabled/Not Available

Update History

Date	Version	Detail
2023-02-28	0.00342

Refine Search

Threat Encyclopedia

SugarCRM.EmailTemplates.Remote.PHP.Code.Injection

Description

This indicates an attack attempt against a Code Injection vulnerability in SugarCRM.
The vulnerability is due to insufficient validation of user input data while handling a HTTP request. An authenticated remote attacker may be able to exploit this to execute arbitrary code on the context of the vulnerable systems via a crafted HTTP request.

Affected Products

SugarCRM version 11.0.0 to version 11.0.4
SugarCRM version 12.0.0 to version 12.0.1

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target system

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/

CVE References

CVE-2023-22952

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer