CVE-2023-46815
EUVD-2023-5098127.10.2023, 04:15
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sugarcrm | sugarcrm | 12.0.0 ≤ 𝑥 < 12.0.4 |
| sugarcrm | sugarcrm | 12.0.0 ≤ 𝑥 < 12.0.4 |
| sugarcrm | sugarcrm | 12.0.0 ≤ 𝑥 < 12.0.4 |
| sugarcrm | sugarcrm | 13.0.0 |
| sugarcrm | sugarcrm | 13.0.0 |
| sugarcrm | sugarcrm | 13.0.0 |
| sugarcrm | sugarcrm | 13.0.1 |
| sugarcrm | sugarcrm | 13.0.1 |
| sugarcrm | sugarcrm | 13.0.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration