An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar.
8.8CVSS
9AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
8.8CVSS
8.9AI Score
0.001EPSS