BIT-espocrm-2022-38843

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/espocrm/BIT-espocrm-2022-38843.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-espocrm-2022-38843

Aliases

CVE-2022-38843

Published

2024-03-06T10:52:45.601Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

Database specific

{
    "cpes": [
        "cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc

Affected packages

Bitnami / espocrm

Package

Name: espocrm
Purl: pkg:bitnami/espocrm

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.1.8

Last affected

7.1.8