Description

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

Remediation

References

CVE-2022-38843

Related Vulnerabilities

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0246)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42112)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.19)

Oracle Database Server Other Vulnerability (CVE-2007-3859)

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.3)

Severity

High

Classification

CVE-2022-38843 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities