CVE advisoryKnown Exploit
CVE-2023-22952
SugarCRM Email Template Vulnerability Allows Code Injection.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in SugarCRM's Email Templates allows attackers to inject custom PHP code due to missing input validation. This could impact systems, data, and business operations by enabling unauthorized code execution. The realistic business risk involves potential data compromise and system disruption.