Unrated severityCISA KEVNVD Advisory· Published Jan 11, 2023· Updated Oct 21, 2025
CVE-2023-22952
CVE-2023-22952
Description
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
Affected products
1- SugarCRM/SugarCRMdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.