Arbitrary PHP Code Execution Vulnerability in EspoCRM 7.2.5

Arbitrary PHP Code Execution Vulnerability in EspoCRM 7.2.5

CVE-2023-5966 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.

Learn more about our Cis Benchmark Audit For Server Software.