CVE-2022-38844

Posted on by admin

CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.

Source: CVE-2022-38844

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다