VYPR
Unrated severityNVD Advisory· Published Oct 27, 2023· Updated Sep 9, 2024

CVE-2023-46816

CVE-2023-46816

Description

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sugarcrm/Sugarcrmcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: >=12.0.0, <=12.0.3; >=13.0.0, <=13.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.