CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.0%

CVSS Severity

CVSS v3 Score 8.0

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-csv-injection-4c07494e2a76
https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-csv-injection-4c07494e2a76

Products affected by CVE-2022-38844

Espocrm » Espocrm » Version: 7.1.8

cpe:2.3:a:espocrm:espocrm:7.1.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38844

Products

Pricing

Contact Us