2 matches found
CVE-2023-5965 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...
CVE-2023-5965
CVE-2023-5965 affects EspoCRM v7.2.5. An authenticated privileged attacker can upload a specially crafted ZIP via the update form, enabling arbitrary PHP code execution on the server. Exploitation is described across multiple sources as requiring high privileges with no user interaction, and the ...