CVE-2023-5966 - Unspecified vulnerability in Espocrm

CVSS 7.2 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

An authenticated, privileged attacker could upload a specially crafted ZIP archive to an EspoCRM server running version 7.2.5 via the extension deployment form, which could lead to arbitrary PHP code execution.

Vulnerable Configurations

Part: Application
Description: Espocrm
Count: 240