CVE-2022-38844 – CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run …

16 September 2022

Vuln ID: CVE-2022-38844

Published: 2022-09-16 14:15:09Z

Description: CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.

Source: NVD.NIST.GOV

Date:

16 September 2022

Categorie(s):

NVD

Tag(s):

NVD

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost18 April 2024
What is Encryption in Malware? – Understand From Basics to XOR18 April 2024
Phishing-as-a-Service Platform LabHost Seized by Authorities18 April 2024
DNS Attacks: Protecting Your Digital Assets with Advanced Security18 April 2024
Cisco creates architecture to improve security and sell you new switches18 April 2024