CVE

Id
75286  
CVE No.
CVE-2014-7985  
Status
Candidate  
Description
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.  
Phase
Assigned (20141008)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
698564 75286 CVE-2014-7985 BUGTRAQ:20141029 Multiple vulnerabilities in EspoCRM  View
698565 75286 CVE-2014-7985 URL:http://www.securityfocus.com/archive/1/archive/1/533844/100/0/threaded  View
698566 75286 CVE-2014-7985 MISC:http://blog.espocrm.com/news/espocrm-2-6-0-released  View
698567 75286 CVE-2014-7985 MISC:http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html  View
698568 75286 CVE-2014-7985 MISC:https://www.htbridge.com/advisory/HTB23238  View
698569 75286 CVE-2014-7985 BID:70809  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
18512 JVNDB-2014-007387 複数の Cisco-Meraki デバイスのファームウェアにおける重要な認証情報を取得される脆弱性 Cisco-Meraki MS、MR、および MX デバイスのファームウェアには、重要な認証情報を取得される脆弱性が存在します。 CVE-2014-7993 75286 3.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007387.html  View