2023-01-11 00:00:00
mitre
PUBLISHED
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.