๐Ÿ” CVE Alert

CVE-2023-22952

HIGH 8.8 โš ๏ธ CISA KEV
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

Vendor n/a
Product n/a
Published Jan 11, 2023
Last Updated Oct 21, 2025
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for n/a n/a

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-22952.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
support.sugarcrm.com: https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/ packetstormsecurity.com: http://packetstormsecurity.com/files/171320/SugarCRM-12.x-Remote-Code-Execution-Shell-Upload.html cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-22952