Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
CSV injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user who exports contacts to a CSV file may end up executing the malicious system commands on their own system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EspoCRM Security Vulnerability
Vulnerability Description
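EspoCRM is an open-source, web-based customer relationship management (CRM) system. It provides features such as sales automation, community, and customer support. EspoCRM version 7.1.8 contains a security vulnerability caused by CSV injection in contact creation, which allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user who exports contacts to a CSV file may end up executing the malicious system commands on their system.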
CVSS Information
N/A
Vulnerability Type
N/A
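
As an added example (not EspoCRM's code or its fix), one export-side mitigation for the CSV injection described above: prefix any cell that begins with a formula trigger character with an apostrophe and quote every field. The function names, field names and sample contacts are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set OWASP lists for CSV injection, including tab and CR).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell as text a spreadsheet will not evaluate as a formula."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # A leading apostrophe makes the spreadsheet treat the cell as a literal.
        return "'" + text
    return text


def export_contacts(contacts, fields):
    """Serialize contact dicts to CSV, neutralizing every user-supplied cell."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas, quotes and newlines inside one cell, so a
    # value cannot break out and start a new cell with a trigger character.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(fields)
    for contact in contacts:
        writer.writerow([neutralize_cell(contact.get(f)) for f in fields])
    return buf.getvalue()


# Constructed sample records (not taken from EspoCRM); the formulas are harmless.
SAMPLE_CONTACTS = [
    {"firstName": "Alice", "lastName": "Ng", "phone": "+1 555 0100"},
    {"firstName": "=SUM(1,2)", "lastName": "@ref", "phone": "-1+1"},
    {"firstName": 'Bob",=SUM(1,2)', "lastName": "O'Neil", "phone": None},
]

if __name__ == "__main__":
    print(export_contacts(SAMPLE_CONTACTS, ["firstName", "lastName", "phone"]))
```

Legitimate values such as international phone numbers also begin with `+`, so the prefix alters them in the exported file; any importer that reads the file back needs to strip it.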