CVE-2022-38844
N/A
N/A
Summary
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-csv-injection-4c07494e2a76
References
- https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-csv-injection-4c07494e2a76
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.