CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.
Configurations

Configuration 1

cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*

Information

Published : 2022-09-16 02:15

Updated : 2022-09-17 02:30


NVD link : CVE-2022-38844

Mitre link : CVE-2022-38844

Products Affected
No products.
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File