Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2022-38843 - Vulnerability Database
EspoCRM

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2022-38843

High
Reference: CVE-2022-38843
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-38843
Title: EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.