CVSS Score of 10 (low)


Published Jun 17, 2023
Updated: Aug 23, 2023


CVE-2023-35809 is a Bean Manipulation vulnerability identified in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3, as well as other editions. Because input validation is missing, an attacker can inject custom PHP code through the REST API. Exploitation requires only regular user privileges. The risk score for this vulnerability is 66, indicating a high severity level. To remediate the issue, organizations should update their SugarCRM Enterprise installations to version 11.0.6 or 12.0.3. The vulnerability can compromise the confidentiality, integrity, and availability of affected systems, potentially leading to unauthorized access and data breaches.
