CVE-2022-38843

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*

History

17 Sep 2022, 02:30

Type	Values Removed	Values Added
CPE		cpe:2.3:a:espocrm:espocrm:7.1.8:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-434
References	~~(MISC) https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc -~~	(MISC) https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc - Exploit, Third Party Advisory

16 Sep 2022, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-16 14:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-38843

Mitre link : CVE-2022-38843

CVE.ORG link : CVE-2022-38843

JSON object : View

Products Affected

espocrm

espocrm

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

8.8 /10