Home / os / wince

SugarCRM 13.0.1 Server-Side Template Injection

Posted on 27 October 2023

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.

 

TOP