7.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.3%
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm