Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.804874
Categoría:Web application abuses
Título:EspoCRM '/install/index.php' Multiple Vulnerabilities
Resumen:EspoCRM is prone to multiple vulnerabilities.
Descripción:Summary:
EspoCRM is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple errors are due to:

- Improper sanitization of input passed via 'action' and 'desc' HTTP GET
parameters to /install/index.php script.

- Insufficient access control restriction to the installation script
/install/index.php.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to execute arbitrary HTML and script code in a users browser session
in the context of an affected site, include and execute arbitrary local PHP
files on the system with privileges of the web server, and reinstall the
application.

Affected Software/OS:
EspoCRM version 2.5.2 and probably
earlier.

Solution:
Upgrade to EspoCRM version 2.6.0 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-7985
BugTraq ID: 70809
http://www.securityfocus.com/bid/70809
Bugtraq: 20141029 Multiple vulnerabilities in EspoCRM (Google Search)
http://www.securityfocus.com/archive/1/533844/100/0/threaded
http://blog.espocrm.com/news/espocrm-2-6-0-released
http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html
https://www.htbridge.com/advisory/HTB23238
Common Vulnerability Exposure (CVE) ID: CVE-2014-7986
BugTraq ID: 70811
http://www.securityfocus.com/bid/70811
Common Vulnerability Exposure (CVE) ID: CVE-2014-7987
BugTraq ID: 70806
http://www.securityfocus.com/bid/70806
CopyrightCopyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.