Description

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

Remediation

References

CVE-2022-38843

Related Vulnerabilities

MySQL CVE-2020-14860 Vulnerability (CVE-2020-14860)

Liferay DXP Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)

WordPress Plugin SEO Ultimate Cross-Site Scripting (7.6.5.2)

WordPress Plugin Category and Page Icons Cross-Site Scripting (0.9.2)

MySQL CVE-2017-3309 Vulnerability (CVE-2017-3309)

Severity

High

Classification

CVE-2022-38843 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities