CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 23, 2023
High
CISA KEVCVE-2023-22952
SugarCRM—Multiple Products
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
Required Action
https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/; https://nvd.nist.gov/vuln/detail/CVE-2023-22952
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Feb 2, 2023
- KEV Added
- Feb 2, 2023
- Due Date
- Feb 23, 2023
- Related Articles
- 0
Vendor
SugarCRM
Multiple Products