Description
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts whose fields contain payloads capable of executing system commands. An admin user who exports the contacts to a CSV file may end up executing the malicious system commands on his own system.
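The export-side defence against the issue described above, as an added example (not EspoCRM's code or its actual fix): each cell is neutralized before it is written so a spreadsheet shows it as text instead of evaluating it. The field names and sample contacts are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications interpret as the start of
# a formula, following OWASP's CSV injection guidance.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell as text a spreadsheet will display instead of evaluate."""
    text = "" if value is None else str(value)
    # Conservative choice: also test the value with leading spaces removed.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        # OWASP's recommended mitigation: prepend a single quote.
        # Trade-off: values such as "+1 555 0100" or "-5" are prefixed as well.
        return "'" + text
    return text


def export_contacts(contacts, fieldnames):
    """Serialize contact dicts to CSV with every cell neutralized and quoted."""
    buf = io.StringIO(newline="")
    writer = csv.DictWriter(buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for contact in contacts:
        writer.writerow({f: neutralize_cell(contact.get(f)) for f in fieldnames})
    return buf.getvalue()


# Constructed sample data; the field names are assumptions, not EspoCRM's schema.
FIELDS = ["firstName", "lastName", "emailAddress"]
SAMPLE_CONTACTS = [
    {"firstName": "Alice", "lastName": "Nguyen", "emailAddress": "alice@example.test"},
    {"firstName": "=1+1", "lastName": "@SUM(A1:A2)", "emailAddress": "mallory@example.test"},
    {"firstName": "  -2+3", "lastName": None, "emailAddress": "bob@example.test"},
]

if __name__ == "__main__":
    print(export_contacts(SAMPLE_CONTACTS, FIELDS))
```

Neutralizing at export time covers records that were stored before any input validation existed; rejecting formula-leading values when a contact is created is a complementary control.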
Remediation
References