← Zuruck zu CVEs
CVE-2023-5966
MEDIUM4.7
Beschreibung
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
CVE Details
CVSS v3.1 Bewertung4.7
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht11/30/2023
Zuletzt geandert4/20/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
espocrm:espocrm
Schwachen (CWE)
CWE-434
Referenzen
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm(cve-coordination@incibe.es)
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrm(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.