Vulnerabilities (CVE)

Filtered by vendor Espocrm Subscribe

Filtered by product Espocrm

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-5965	1 Espocrm	1 Espocrm	2023-12-06	N/A	7.2 HIGH
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.
CVE-2023-5966	1 Espocrm	1 Espocrm	2023-12-06	N/A	7.2 HIGH
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
CVE-2019-14351	1 Espocrm	1 Espocrm	2020-08-24	4.0 MEDIUM	8.8 HIGH
EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.