Description
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.
References
- https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-csv-injection-4c07494e2a76 (Exploit, Third Party Advisory)
Vulnerable configurations
Configuration 1
cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*
EPSS
Percentile: 71%
0.00682
Low
CVSS3: 8 High
Weaknesses
CWE-1236
Related vulnerabilities
CVSS3: 8
github
more than 3 years ago
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.