Vulnerabilities > Espocrm > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-5965 | Unspecified vulnerability in Espocrm. An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | 7.2 |
2023-11-30 | CVE-2023-5966 | Unspecified vulnerability in Espocrm. An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | 7.2 |
2022-09-16 | CVE-2022-38843 | Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm 7.1.8. EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. | 8.8 |
2022-09-16 | CVE-2022-38844 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Espocrm 7.1.8. CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. | 8.0 |
2019-07-28 | CVE-2019-14351 | Improper Restriction of Excessive Authentication Attempts vulnerability in Espocrm 5.6.4. EspoCRM 5.6.4 is vulnerable to user password hash enumeration. | 8.8 |