6 matches found
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...
SugarCRM 13.0.1 Server-Side Template Injection
SugarCRM = 13.0.1 GetControl Server-Side Template Injection Vulnerability - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...
SugarCRM Security Breach
SugarCRM is an open-source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales representatives. A security...
PT-2023-30232 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 12.0.4; SugarCRM versions prior to 13.0.2. Description: A Server-Side Template Injection (SSTI) issue has been identified in the GetControl action, allowing custom PHP code injection via the GetControl action due to...
Malicious code in getcontrol (PyPI)
Source: checkmarx 3f339c14f48c47c29b52e769701e04edc0ae6387672f57cfe1fe7d77521f0d6f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-3609 Malicious code in getcontrol (PyPI)
Source: checkmarx 3f339c14f48c47c29b52e769701e04edc0ae6387672f57cfe1fe7d77521f0d6f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...