Description
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin ecSTATic Arbitrary File Upload (0.9933)
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (2.5.2.1)
WordPress Plugin GEO my WordPress Unspecified Vulnerability (2.6.1.1)
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (6.1.2)