377 matches found

Prion · added 2023/11/30 2:15 p.m.
Code injection
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...
CVSS 5.8 · AI score 7.5 · EPSS 0.01049 · Exploits 0 · References 1 · Affected software 1
CVE · added 2023/11/30 1:26 p.m.
CVE-2023-5966
CVE-2023-5966 affects EspoCRM 7.2.5. An authenticated privileged attacker can upload a specially crafted ZIP via the extension deployment form, leading to arbitrary PHP code execution on the EspoCRM server. The issue is tied to the vulnerability in EspoCRM's deployment mechanism and is confirmed ...
CVSS 7.2 · AI score 8.2 · EPSS 0.01049 · Exploits 0 · References 1 · Affected software 1
Vulnrichment · added 2023/11/30 1:26 p.m.
CVE-2023-5966 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...
CVSS 4.7 · AI score 9.2 · EPSS 0.01049 · Exploits 0 · References 1
Cvelist · added 2023/11/30 1:26 p.m.
CVE-2023-5966 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...
CVSS 4.7 · AI score 9.3 · EPSS 0.01049 · Exploits 0 · References 1
CVE · added 2023/11/30 1:26 p.m.
CVE-2023-5965
CVE-2023-5965 affects EspoCRM v7.2.5. An authenticated privileged attacker can upload a specially crafted ZIP via the update form, enabling arbitrary PHP code execution on the server. Exploitation is described across multiple sources as requiring high privileges with no user interaction, and the ...
CVSS 7.2 · AI score 8.2 · EPSS 0.01049 · Exploits 0 · References 1 · Affected software 1
Vulnrichment · added 2023/11/30 1:26 p.m.
CVE-2023-5965 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...
CVSS 4.7 · AI score 7.2 · EPSS 0.01049 · Exploits 0 · References 1
Cvelist · added 2023/11/30 1:26 p.m.
CVE-2023-5965 Unrestricted Upload of File with Dangerous Type in EspoCRM
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...
CVSS 4.7 · AI score 9.3 · EPSS 0.01049 · Exploits 0 · References 1
CNNVD · added 2023/11/30 12:00 a.m.
EspoCRM code issue vulnerability
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A code issue vulnerability exists in EspoCRM version 7.2.5 that stems from the presence of arbitrary PHP code execution...
CVSS 9.1 · AI score 7.6 · EPSS 0.01049 · Exploits 0 · References 1
Positive Technologies · added 2023/11/30 12:00 a.m.
PT-2023-32447 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.2.5. Description: An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server via the update form, which could lead to arbitrary PHP code execution. Recommendations: For EspoCRM version...
CVSS 9.1 · AI score 7.2 · EPSS 0.01049 · Exploits 0 · References 7
Positive Technologies · added 2023/11/30 12:00 a.m.
PT-2023-32448 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.2.5. Description: An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server via the extension deployment form, which could lead to arbitrary PHP code execution. Recommendations: For EspoC...
CVSS 9.1 · AI score 7.2 · EPSS 0.01049 · Exploits 0 · References 7
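The CVE-2023-5965 / CVE-2023-5966 entries above all describe the same pattern: a privileged user hands the application a ZIP that it unpacks into its own code tree. Because an admin is meant to be able to deploy extensions and updates, a package validator cannot make that feature safe on its own (that needs signed packages and a small admin population), but it can refuse archives that write outside the intended directory, contain symlinks, or are zip bombs. The following is an added illustration written for this page, not EspoCRM's code; it assumes a hypothetical package layout of a root manifest.json plus a files/ tree, and uses Python rather than the project's PHP.

```python
import io
import posixpath
import re
import stat
import zipfile

# Assumed package layout (hypothetical, not EspoCRM's real format): manifest.json
# at the archive root and a files/ tree that gets copied into the app directory.
MANIFEST = "manifest.json"
FILES_ROOT = "files"
MAX_ENTRIES = 5000
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024   # bytes, across the whole archive
MAX_RATIO = 100                             # uncompressed/compressed per entry


def _normalized(name: str) -> str:
    """See the member name the way an extractor's path join would."""
    return posixpath.normpath(name.replace("\\", "/"))


def _escapes_target(name: str) -> bool:
    """True for absolute paths, drive letters and '..' segments (zip slip)."""
    norm = _normalized(name)
    return (
        name.startswith(("/", "\\"))
        or re.match(r"^[A-Za-z]:", name) is not None
        or norm == ".."
        or norm.startswith("../")
    )


def validate_package(zip_bytes: bytes) -> list[str]:
    """Return the problems found; an empty list means the archive passed."""
    problems: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile as exc:
        return [f"not a zip archive: {exc}"]
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            problems.append(f"too many entries ({len(infos)})")
        if MANIFEST not in {i.filename for i in infos}:
            problems.append(f"{MANIFEST} missing")
        total = 0
        for info in infos:
            name = info.filename
            if _escapes_target(name):
                problems.append(f"path traversal in entry {name!r}")
                continue
            norm = _normalized(name)
            # Everything must live under files/ or be the manifest itself.
            if norm not in (MANIFEST, FILES_ROOT) and not norm.startswith(FILES_ROOT + "/"):
                problems.append(f"entry outside allowed tree: {name!r}")
            # Unix mode bits live in the high 16 bits of external_attr; a symlink
            # entry lets a later entry write through it to an arbitrary path.
            if stat.S_ISLNK(info.external_attr >> 16):
                problems.append(f"symlink entry {name!r}")
            total += info.file_size
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                problems.append(f"suspicious compression ratio in {name!r}")
        if total > MAX_TOTAL_UNCOMPRESSED:
            problems.append(f"archive expands to {total} bytes")
    return problems


def _build(entries) -> bytes:
    """Build an in-memory zip from (name, bytes) pairs; writestr does not sanitise names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a well-formed package and one that drops a PHP file outside the tree.
BENIGN = _build([
    (MANIFEST, b'{"name": "demo"}'),
    ("files/custom/Espo/Custom/Hello.php", b"<?php echo 'hi';"),
])
MALICIOUS = _build([
    (MANIFEST, b"{}"),
    ("../../public/shell.php", b"<?php system($_GET['c']);"),
])

if __name__ == "__main__":
    print("benign:", validate_package(BENIGN))
    print("malicious:", validate_package(MALICIOUS))
```

Run the validator before anything is written to disk, on the uploaded bytes rather than on an already extracted temp directory; and treat a clean result as a precondition, not a verdict, since an admin can still ship a legitimate-looking extension whose files/ tree contains a web shell.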
OSV · added 2022/09/16 2:15 p.m.
CVE-2022-38845
Cross Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
CVSS 6.1 · AI score 6.3
Exploits 0 · References 1
OSV · added 2022/09/16 2:15 p.m.
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on their own system...
CVSS 8.0 · AI score 7.1
Exploits 0 · References 1
OSV · added 2022/09/16 2:15 p.m.
CVE-2022-38846
EspoCRM version 7.1.8 is vulnerable to a Missing Secure Flag on cookies, allowing the browser to send plaintext cookies over an insecure (HTTP) channel. An attacker may capture the cookie from the insecure channel using a MITM attack...
CVSS 5.9 · AI score 6.7
Exploits 0 · References 1
NVD · added 2022/09/16 2:15 p.m.
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on their own system...
CVSS 8.0 · EPSS 0.01138
Exploits 1 · References 1
ATTACKERKB · added 2022/09/16 2:15 p.m.
CVE-2022-38843
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may then execute these malicious files to run unintended code on the server and compromise it...
CVSS 8.8 · AI score 6 · EPSS 0.01121
Exploits 1 · References 2
NVD · added 2022/09/16 2:15 p.m.
CVE-2022-38843
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may then execute these malicious files to run unintended code on the server and compromise it...
CVSS 8.8 · EPSS 0.01121
Exploits 1 · References 1
NVD · added 2022/09/16 2:15 p.m.
CVE-2022-38845
Cross Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
CVSS 6.1 · EPSS 0.00626
Exploits 1 · References 1
ATTACKERKB · added 2022/09/16 2:15 p.m.
CVE-2022-38846
EspoCRM version 7.1.8 is vulnerable to a Missing Secure Flag on cookies, allowing the browser to send plaintext cookies over an insecure (HTTP) channel. An attacker may capture the cookie from the insecure channel using a MITM attack...
CVSS 5.9 · AI score 5.8 · EPSS 0.00418
Exploits 1 · References 2
ATTACKERKB · added 2022/09/16 2:15 p.m.
CVE-2022-38844
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on their own system...
CVSS 8.0 · AI score 5.9 · EPSS 0.01138
Exploits 1 · References 2
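The CVE-2022-38844 and CVE-2022-38845 entries above are two sides of the same data flow: values that a low-privileged user types into a record later come back out either as a CSV export opened in a spreadsheet (formula injection, CWE-1236) or as a rendered page after a CSV import (stored XSS). The fix is output encoding for each sink, not input filtering. What follows is an added example written for this page, not EspoCRM's code, and in Python rather than the project's PHP; the contact records it processes are constructed for the demonstration.

```python
import csv
import html
import io

# Leading characters that Excel, LibreOffice and Google Sheets read as the
# start of a formula. A cell such as =cmd|' /C calc'!A0 is evaluated on open.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")


def neutralize_cell(value) -> str:
    """Make one value inert for spreadsheet import.

    A leading apostrophe tells the spreadsheet to keep the cell as literal
    text. The writer in export_csv then double-quotes every field, so commas,
    quotes and newlines inside a value cannot end the cell early either.
    """
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_csv(rows, columns) -> str:
    """Serialise dict rows to CSV text with every cell neutralised."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(columns)
    for row in rows:
        writer.writerow(neutralize_cell(row.get(col, "")) for col in columns)
    return out.getvalue()


def render_cell_html(value) -> str:
    """Escape an imported value at the HTML sink; store it raw, never trust it on output."""
    return html.escape("" if value is None else str(value), quote=True)


# Constructed sample records: a DDE-style payload, a script tag, and a name
# that legitimately starts with a trigger character.
CONTACTS = [
    {"first_name": "=cmd|' /C calc'!A0", "last_name": "Smith", "email": "x@example.com"},
    {"first_name": "<script>alert(1)</script>", "last_name": "-Jones", "email": "y@example.com"},
]
COLUMNS = ["first_name", "last_name", "email"]

if __name__ == "__main__":
    print(export_csv(CONTACTS, COLUMNS))
    for c in CONTACTS:
        print(render_cell_html(c["first_name"]))
```

Two caveats a practitioner should keep in mind: the apostrophe is visible in some spreadsheet tools and turns a numeric column such as "-5" into text, so apply the rule to free-text fields rather than to every column; and Excel still prompts before running DDE, so the neutralisation is defence in depth for the user who clicks through, not a substitute for keeping untrusted text out of admin workflows.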