CVE-2022-38843

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-38843

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38843.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-38843

Aliases

BIT-espocrm-2022-38843

Published

2022-09-16T14:15:09Z

Modified

2024-10-12T10:04:11.475625Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc

Affected packages

Git / github.com/espocrm/espocrm

Affected ranges

Type: GIT
Repo: https://github.com/espocrm/espocrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8ec6fa0f52aab91e9109bc91a7687929a858ff6d

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.2.0

3.2.1

3.2.2

3.3.0

3.4.0

3.4.1

3.4.2

3.5.0

3.5.1

3.5.2

3.6.0

3.6.1

3.6.2

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

4.*

4.0.0

4.0.0-beta.1

4.0.0-beta.2

4.0.0-beta.3

4.0.0-beta.4

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3.0

4.3.0-beta.1

4.3.0-beta.2

4.3.1

4.4.0

4.4.1

4.5.0

4.5.1

4.6.0

4.7.0

4.7.1

4.7.2

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.1.0

5.1.1

5.1.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.6.0

5.6.1

5.6.10

5.6.11

5.6.12

5.6.13

5.6.14

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.1

5.7.10

5.7.11

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

5.9.0

5.9.1

5.9.2

5.9.3

5.9.4

6.*

6.0.0

6.0.0-beta1

6.0.0-beta2

6.0.0-beta3

6.0.0-beta4

6.0.1

6.0.10

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.1.0

6.1.1

6.1.10

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

7.*

7.0.0

7.0.1

7.0.10

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

7.0.8

7.0.9

7.1.0

7.1.1

7.1.2

7.1.3

7.1.4

7.1.5

7.1.6

7.1.7

7.1.8