CVSS Score of 10 (low)


Published Jun 17, 2023
Updated: Aug 23, 2023


CVE-2023-35811 is a SQL injection vulnerability in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3; editions other than Enterprise are also affected. The flaw is in the REST API: because input validation is missing, crafted requests can inject custom SQL code. It can be exploited by regular users with low privileges. The severity is high, with a base score of 8.8 out of 10, and exploitation impacts the confidentiality, integrity, and availability of affected systems. To remediate, update to the patched versions provided by SugarCRM.
