CVE-2023-35810

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jun 17, 2023

Updated: Aug 23, 2023

CWE ID 74

Summary

CVE-2023-35810 is a Second-Order PHP Object Injection vulnerability affecting SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. The DocuSign module lacks proper input validation, allowing attackers to inject and execute custom PHP code through crafted requests. This issue can only be exploited by users with administrative privileges. Sadly, editions other than SugarCRM Enterprise are also at risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rrelWt
https://www.cve.org/CVERecord?id=CVE-2023-35810
https://nvd.nist.gov/vuln/detail/CVE-2023-35810

Back to Vulnerability Database

CVE-2023-35810

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations