In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
Metrics
Affected Vendors & Products
References
History
Wed, 29 Jan 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Wed, 29 Jan 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 |

Status: PUBLISHED
Assigner: mitre
Published: 2023-01-11T00:00:00.000Z
Updated: 2025-01-29T15:23:01.963Z
Reserved: 2023-01-11T00:00:00.000Z
Link: CVE-2023-22952

Updated: 2024-08-02T10:20:31.466Z

Status : Modified
Published: 2023-01-11T09:15:08.787
Modified: 2025-01-29T16:15:35.047
Link: CVE-2023-22952

No data.