CVE-2022-38844

HIGH8.0EPSS 0.68%

發布日:2024/3/6修改日:2024/3/6

描述

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.

受影響套件(1)

Bitnami/espocrm>= 7.1.8, <= 7.1.8

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

參考連結(1)

WEBhttps://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-csv-injection-4c07494e2a76