SugarCRM EmailTemplates PNG file upload

Added: 03/22/2023

Background

SugarCRM is customer relationship management software written in PHP.

Problem

A vulnerability in the EmailTemplates module allows remote, unauthenticated attackers to execute arbitrary commands on the server by uploading a PNG image file containing embedded PHP code.
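A defender's triage check for the kind of file described above, as an added example that is not part of the original advisory or SugarCRM's code: it walks the chunks of a PNG and reports where a PHP open tag or a structural oddity occurs. The advisory does not say where in the image the PHP code sits, so the function (hypothetical name `scan_png`) checks every chunk and any bytes after IEND; the sample images are constructed inline.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PHP_TAG = b"<?php"  # long open tag only; the short "<?" is too noisy in binary data

def scan_png(data: bytes) -> list:
    """Return findings for one file's bytes; an empty list means nothing was flagged."""
    if not data.startswith(PNG_MAGIC):
        return ["missing PNG signature"]
    findings, pos, seen_iend = [], len(PNG_MAGIC), False
    while pos < len(data):
        if pos + 12 > len(data):
            findings.append("truncated chunk")
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            findings.append("truncated chunk")
            break
        body = data[pos + 8:end]
        name = ctype.decode("latin-1")
        # The CRC covers the chunk type and body, not the length field.
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end:end + 4])[0]:
            findings.append(f"bad CRC in {name} chunk")
        if PHP_TAG in body.lower():
            findings.append(f"PHP open tag in {name} chunk")
        pos = end + 4
        if ctype == b"IEND":
            seen_iend = True
            break
    rest = data[pos:]  # bytes not covered by a complete chunk
    if seen_iend and rest:
        findings.append("data after IEND")
    if PHP_TAG in rest.lower():
        findings.append("PHP open tag outside any valid chunk")
    return findings

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one well-formed chunk (used only for the constructed samples)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 RGB image, and the same image with an inert marker in tEXt.
CLEAN = (PNG_MAGIC + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
         + _chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00")) + _chunk(b"IEND", b""))
TAINTED = CLEAN[:-12] + _chunk(b"tEXt", b"Comment\x00<?php /* constructed marker */ ?>") + CLEAN[-12:]

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tainted", TAINTED)):
        print(label, scan_png(sample))
```

The check reads raw chunk bytes because that is what a PHP interpreter would parse if the file were ever executed; it does not replace the upgrade listed under Resolution.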

Resolution

Upgrade to SugarCRM 11.0.5 or 12.0.2 or higher.

References

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/

Platforms

Linux
