2 matches found
CVE-2022-38844
EspoCRM 7.1.8 is affected by a CSV injection vulnerability in Create Contacts, enabling remote authenticated users to execute system commands by crafting payloads in CSV exports (e.g., when an admin exports contacts). Root cause: CSV injection in the contact creation/CSV export flow. Impact: pote...
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...