by Over the past two weeks, hackers exploited a high-risk vulnerability in the SugarCRM system to spread malicious programs to control servers. The vulnerability was discovered in December 2022, when no patch was 0day, the person who disclosed the vulnerability also released the exploit code, saying it was an authentication bypass plus remote code execution vulnerability, which means that the attacker does not need an identity Credentials can remotely run malicious code on a vulnerable server. SugarCRM officially released an announcement on January 5 confirming the vulnerability. Security researchers at Censys, which provides network monitoring services, reported Wednesday that 354 of the 3,059 SugarCRM servers it monitored were infected with malicious programs that implanted backdoors.
https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/jan-5-2023-security-vulnerability-update
https://arstechnica.com/information-technology/2023/01/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit/
