Filtered by vendor Espocrm
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5965 | 1 Espocrm | 1 Espocrm | 2023-12-06 | N/A | 7.2 HIGH |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. | |||||
| CVE-2023-5966 | 1 Espocrm | 1 Espocrm | 2023-12-06 | N/A | 7.2 HIGH |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | |||||
| CVE-2019-14351 | 1 Espocrm | 1 Espocrm | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. | |||||