Multiple vulnerabilities in EspoCRM
|Vulnerable Versions:||2.5.2 and probably prior|
|Advisory Publication:||October 8, 2014 [without technical details]|
|Vendor Notification:||October 8, 2014|
|Vendor Fix:||October 10, 2014|
|Public Disclosure:||October 29, 2014|
|Latest Update:||October 15, 2014|
|Vulnerability Type:||PHP File Inclusion [CWE-98]|
Improper Access Control [CWE-284]
Cross-Site Scripting [CWE-79]
|CVSSv2 Base Scores:||7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered multiple high-risk vulnerabilities in EspoCRM, which can be exploited by remote attacker to execute arbitrary PHP code on a vulnerable system, reinstall the application from scratch, and compromise the entire system as the result. EspoCRM is also vulnerable to less critical Cross-Site Scripting attacks.
|Update to EspoCRM 2.6.0|
| High-Tech Bridge Advisory HTB23238 - https://www.immuniweb.com/advisory/HTB23238 - Multiple vulnerabilities in EspoCRM.|
 EspoCRM - http://www.espocrm.com/ - EspoCRM is an Open Source CRM (Customer Relationship Management) software that allows you to see, enter and evaluate all your company relationships regardless of the type.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
 ImmuniWeb® - Leveraging the power of machine-learning and genius of human brain to deliver the most advanced web application security and penetration testing.
 ImmuniWeb® SSLScan - Test your servers for security and compliance with PCI DSS, HIPAA and NIST.
HTB23219: Improper Access Control in ArticleFR
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.