CVE Watchtower ← Back to CVE ListCVE-2023-22952NVDVulnerability SummaryIn SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.Severity LevelUNKNOWNPublished DateJan 11, 2023Last ModifiedOct 21, 2025Exploitation Status????EPSS Score (30-Day)Data PendingRoot Weakness (CWE)N/AExternal Referenceshttps://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/http://packetstormsecurity.com/files/171320/SugarCRM-12.x-Remote-Code-Execution-Shell-Upload.html