PT-2023-25326 · Sugarcrm · Sugarcrm Enterprise
Egidio Romano · Published 2023-06-17 · Updated 2024-12-17 · CVE-2023-35809
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SugarCRM Enterprise versions prior to 11.0.6
SugarCRM Enterprise versions 12.x prior to 12.0.3
Description
An issue has been identified in the REST API of SugarCRM that allows Bean Manipulation. Because the REST API does not validate the relevant input, a crafted request can be used to inject custom PHP code. The issue can be exploited with regular user privileges.
Recommendations
For SugarCRM Enterprise versions prior to 11.0.6, update to version 11.0.6 or later.
For SugarCRM Enterprise versions 12.x prior to 12.0.3, update to version 12.0.3 or later.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Sugarcrm Enterprise