Description
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
PHP Numeric Errors Vulnerability (CVE-2013-7226)
WordPress Plugin WP Sitemap Page Cross-Site Scripting (1.6.4)
WordPress Plugin Contact Form Integrated With Google Maps Cross-Site Scripting (2.4)
Apache HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)