Share 
## https://sploitus.com/exploit?id=SAINT:954611AB259D84FC392B4C62C983F3D4
Added: 03/22/2023  


### Background

[SugarCRM](<http://www.sugarcrm.com/>) is customer relationship management software written in PHP. 

### Problem

A vulnerability in the EmailTemplates module allows remote, unauthenticated attackers to execute arbitrary commands on the server by uploading a PNG image file containing embedded PHP code. 

### Resolution

Upgrade to SugarCRM 11.0.5 or 12.0.2 or higher. 

### References

<https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/>  


### Platforms

Linux