Description
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
Remediation
References
Related Vulnerabilities
Spring Cloud Gateway Improper Certificate Validation Vulnerability (CVE-2022-22946)
WordPress Plugin Custom Post Type UI 'wp-admin/admin.php' Cross-Site Scripting (0.7)
WordPress Plugin Conditional Marketing Mailer for WooCommerce Unspecified Vulnerability (1.6)
WordPress Plugin WP-Stats Multiple Vulnerabilities (2.51)
Moodle Improper Input Validation Vulnerability (CVE-2014-9060)