exploitDog

CVE-2022-38843

Опубликовано: 16 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

Ссылки

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc
Exploit
Third Party Advisory
https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00497

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-9hh7-36j4-5fcg

CVSS3: 8.8

github

больше 3 лет назад

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

EPSS

Процентиль: 65%

0.00497

Низкий

8.8 High

CVSS3

Дефекты

CWE-434