Skip to main content

CVE-2023-5965

Description

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution.

NVD
Severity: HIGH
CVE ID: CVE-2023-5965
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Spanish National Cybersecurity Institute, S.A. (INCIBE)
Severity: CRITICAL
CVE ID: CVE-2023-5965
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

pedrojosenavasperez

Refrence: GitHub

Description
Proof Of Concept