An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-27T00:00:00
Updated: 2024-09-09T16:01:32.429Z
Reserved: 2023-10-27T00:00:00
Link: CVE-2023-46816
Vulnrichment
Updated: 2024-08-02T20:53:21.825Z
NVD
Status : Modified
Published: 2023-10-27T04:15:10.847
Modified: 2024-11-21T08:29:22.003
Link: CVE-2023-46816
Redhat
No data.