Description
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Remediation
References
Related Vulnerabilities
Java Unspecified Vulnerability (CVE-2020-14803)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2020-13935)
Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)
JBoss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3518)