SugarCRM 13.0.1 Server-Side Template Injection
Posted on 27 October 2023
SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.