Vulnerabilities > Espocrm > Espocrm > 7.5.2

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-46736 Server-Side Request Forgery (SSRF) vulnerability in Espocrm
EspoCRM is an Open Source CRM (Customer Relationship Management) software.
network
low complexity
espocrm CWE-918
6.5
6.5
2023-11-30 CVE-2023-5965 Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
network
low complexity
espocrm CWE-434
7.2
7.2
2023-11-30 CVE-2023-5966 Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
network
low complexity
espocrm CWE-434
7.2
7.2