📦 EspoCRM
by EspoCRM
⚠️ Known Vulnerabilities
EspoCRM 5.8.5 contains an authentication bypass vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authoriza...
This vulnerability allows authenticated privileged attackers to upload malicious zip files to EspoCRM servers, leading to arbitrary PHP code execution. Attackers with administrative access can comprom...
EspoCRM versions before 9.0.8 contain an HTML injection vulnerability in Knowledge Base articles that allows authenticated users with read access to create malicious login page imitations. This enable...
This vulnerability in EspoCRM allows attackers with Knowledge Base edit permissions to create arbitrary user accounts, including administrative accounts, through stored SVG injection combined with CSR...
A path traversal vulnerability in EspoCRM versions 9.1.6 and below allows attackers to corrupt the Slim router's cache by accessing URLs with double slashes. This renders the instance unusable until a...