2 matches found
CVE-2023-46816
The CVE-2023-46816 issue affects SugarCRM: SSTI in the GecControl action allows injection of PHP code via GetControl due to insufficient input validation. Exploitation possible by a regular-privilege user. Impact is high (web context; code execution). Affected versions are SugarCRM 12 before 12.0...
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...