SugarCRM CE unserialize PHP Code Execution Exploit

The vulnerability is caused by scripts using "unserialize()" with user controlled input. This can be exploited to execute arbitrary PHP code via the "__destruct()" method of the "SugarTheme" class or passing an ad-hoc serialized object through the $_REQUEST['current_query_by_page'] input variable.
Exploit type: 
Vulnerabilty ID: 
CVE-2012-0694
Product Version: 
12.3
Released Date: 
Tuesday, July 17, 2012 - 00:00