CVE-2023-22952 Information

Description

In SugarCRM before 12.0. Hotfix 91155 a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

Reference

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/