Description

Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.

Remediation

References

CVE-2014-7985

Related Vulnerabilities

Oracle Database Server CVE-2009-1007 Vulnerability (CVE-2009-1007)

Squid Other Vulnerability (CVE-2010-3072)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10081)

MySQL CVE-2012-0115 Vulnerability (CVE-2012-0115)

Severity

Critical

Classification

CVE-2014-7985 CWE-22

Tags

Missing Update Known Vulnerabilities