AI Score
Confidence
High
EPSS
Percentile
97.6%
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
packetstormsecurity.com/files/171320/SugarCRM-12.x-Remote-Code-Execution-Shell-Upload.html
support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/