CVE-2022-38843

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
espocrmespocrm
7.1.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc
https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-unrestricted-file-upload-7860b15d12bc