An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-27T00:00:00
Updated: 2024-09-09T16:04:44.024Z
Reserved: 2023-10-27T00:00:00
Link: CVE-2023-46815
Vulnrichment
Updated: 2024-08-02T20:53:21.936Z
NVD
Status : Modified
Published: 2023-10-27T04:15:10.777
Modified: 2024-11-21T08:29:21.843
Link: CVE-2023-46815
Redhat
No data.