Description
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Remediation
References
Related Vulnerabilities
OpenSSL Uncontrolled Resource Consumption Vulnerability (CVE-2016-6307)
WordPress Plugin Couponer 'print-coupon.php' SQL Injection (1.2)
WordPress Plugin W3 Total Cache Server-Side Request Forgery (0.9.7.3)
WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.1.3)