PT-2022-24593 · Espocrm · Espocrm

Published: 2022-09-16 · Updated: 2024-03-06 · CVE-2022-38843

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EspoCRM version 7.1.8

Description

The issue allows attackers to upload malicious files with any extension to the server. These malicious files can be executed to run unintended code on the server, potentially compromising it.

Recommendations

For EspoCRM version 7.1.8, update to a version that fixes the Unrestricted File Upload issue to prevent attackers from uploading malicious files. As a temporary workaround, consider restricting file uploads to only necessary extensions and validating all uploaded files to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BIT-ESPOCRM-2022-38843
CVE-2022-38843

Affected Products

Espocrm