Unrestricted File Upload Vulnerability in EspoCRM by EspoCRM
CVE-2022-38843

8.8HIGH

Key Information:

Vendor: Espocrm
Status: Espocrm
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-38843?

EspoCRM version 7.1.8 contains a vulnerability that allows attackers to upload files without restriction on file type. This flaw permits the upload of malicious files, which could then be executed on the server, potentially leading to unauthorized code execution and server compromise. It is crucial for users of this version to take immediate action to secure their systems against this exposure.

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 29, 2022

Espocrm

What is CVE-2022-38843?

References

CVSS V3.1

Timeline