Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2022-38844 - Vulnerability Database
EspoCRM

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability - CVE-2022-38844

High
Reference: CVE-2022-38844
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-38844
Title: EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability
Overview:

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.