CVE-2022-38843

Published at:
2022-09-16T14:15:09.550
Source: [email protected]

Global infos:

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorNETWORK
    Availability ImpactHIGH
    Base Score8.8
    Base SeverityHIGH
    Confidentiality ImpactHIGH
    Integrity ImpactHIGH
    Privileges RequiredLOW
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Exploitability Score2.8
    Impact Score5.9
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords