by @jakaba
16 Dec 2023

SugarCRM RCE (CVE-2023-22952)

CVEs

8.8 High Severity

Summary

CVE-2023-22952 (CVSS score: 8.8) is a missing input validation flaw in SugarCRM that could result in the injection of arbitrary PHP code. A vulnerable endpoint does not appropriately validate uploads, so it accepts a malicious PNG file that contains embedded PHP code.
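The kind of upload check whose absence the summary describes, as an added example (not SugarCRM's code or its patch): it walks the PNG chunk structure and flags PHP open tags, CRC mismatches, and bytes after `IEND`. The function name `inspect_png`, the marker list, and both sample files are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PHP_MARKERS = (b"<?php", b"<?=")  # long open tag, short echo tag

def inspect_png(data: bytes) -> list:
    """Return findings for an upload claimed to be a PNG; [] means nothing flagged."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG: bad signature"]
    findings, pos, seen_iend = [], len(PNG_SIG), False
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc) < 4:
            return findings + ["truncated chunk"]
        name = ctype.decode("latin-1")
        if zlib.crc32(ctype + body) != struct.unpack(">I", crc)[0]:
            findings.append(f"bad CRC in {name} chunk")
        # Compressed IDAT bytes can contain "<?=" by chance, so only the
        # long tag is checked there; every other chunk gets both markers.
        markers = PHP_MARKERS[:1] if ctype == b"IDAT" else PHP_MARKERS
        if any(m in body.lower() for m in markers):
            findings.append(f"PHP open tag in {name} chunk")
        pos += 12 + length
        if ctype == b"IEND":
            seen_iend = True
            break
    if not seen_iend:
        findings.append("missing IEND chunk")
    elif data[pos:]:
        findings.append(f"{len(data) - pos} bytes after IEND")
    return findings

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk (length, type, data, CRC) for the constructed samples."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 greyscale PNG, and the same file with a text
# chunk holding an inert PHP tag (a marker only, no payload).
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
_IDAT = _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN = PNG_SIG + _IHDR + _IDAT + _chunk(b"IEND", b"")
TAINTED = PNG_SIG + _IHDR + _chunk(b"tEXt", b"Comment\x00<?php ?>") + _IDAT + _chunk(b"IEND", b"")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tainted", TAINTED)):
        print(label, inspect_png(blob))
```

An empty result only means none of these markers were seen; re-encoding the image server-side and storing uploads where the web server will not execute PHP are the stronger controls.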
