Security Advisory

CVE-2023-5966

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-30 13:26:48

Last updated 2026-04-20 07:57:21

Assigner INCIBE

State PUBLISHED

Description

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.

← Browse all CVEs View on cve.org ↗