7 matches found
EUVD-2018-20877
Malware in sbrugna...
PT-2024-5502 · Umi Cms · Umi Cms
Name of the Vulnerable Software and Affected Versions: UMI CMS (affected versions not specified). Description: The issue is related to the lack of protection against SQL query structure exploitation in UMI CMS, a multi-site content management system. This could allow a remote attacker to execute...
Design/Logic Flaw
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on his system...
EspoCRM security vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM version 7.1.8 that originates from a CSV injection in the creation of a contact, which...
Cross site scripting
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address, shippingaddress-zipcode,...
CVE-2018-9283
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address, shippingaddress-zipcode,...
CVE-2017-0395
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements access to functionality that would normally require either user...