Description
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletter-Send awesome emails from WordPress Open Redirect (2.6.4.4)
WordPress Plugin GenerateBlocks Cross-Site Scripting (1.3.5)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3176)
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)