Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)

Description

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

Remediation

References

Related Vulnerabilities

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2931)

WordPress Plugin Woo Custom Checkout Field Multiple Vulnerabilities (1.3.2)

Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3796)

CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)

Severity

High

Classification

CVE-2023-22952 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities