EspoCRM-Admin-Extension-Upload-RCE-_1072B59E-8DE1-5A27-B873-7DF23EA6C5E5

Description

EspoCRM 9.2.7 管理员远程代码执行漏洞分析注意这是一个鸡肋漏洞，所以公开了。因为他需要管理员。。。。。漏洞概述 | 属性 | 值 | |------|-----| | 漏洞名称 | EspoCRM Admin Extension Upload RCE | | 影响版本 | EspoCRM │ 2. 解压到临时目录 │ - │ 3. 安装扩展 │ │ Base64编码 │ │ 验证 manifest │ │ 执行PHP脚本 │ └──────────────────┘...

Visit Original Source

Basic Information

ID 1072B59E-8DE1-5A27-B873-7DF23EA6C5E5

Published Jan 30, 2026 at 03:14

Modified Jan 30, 2026 at 03:18

{
    "lastseen": "2026-01-30T03:28:23",
    "description": "EspoCRM 9.2.7 \u7ba1\u7406\u5458\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u5206\u6790 \u6ce8\u610f \u8fd9\u662f\u4e00\u4e2a\u9e21\u808b\u6f0f\u6d1e\uff0c\u6240\u4ee5\u516c\u5f00\u4e86\u3002\u56e0\u4e3a\u4ed6\u9700\u8981\u7ba1\u7406\u5458\u3002\u3002\u3002\u3002\u3002 \u6f0f\u6d1e\u6982\u8ff0 | \u5c5e\u6027 | \u503c | |------|-----| | \u6f0f\u6d1e\u540d\u79f0 | EspoCRM Admin Extension Upload RCE | | \u5f71\u54cd\u7248\u672c | EspoCRM \u2502 2. \u89e3\u538b\u5230\u4e34\u65f6\u76ee\u5f55 \u2502 - \u2502 3. \u5b89\u88c5\u6269\u5c55 \u2502 \u2502 Base64\u7f16\u7801 \u2502 \u2502 \u9a8c\u8bc1 manifest \u2502 \u2502 \u6267\u884cPHP\u811a\u672c \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518...",
    "published": "2026-01-30T03:14:18",
    "modified": "2026-01-30T03:18:40",
    "type": "githubexploit",
    "title": "EspoCRM-Admin-Extension-Upload-RCE-",
    "source": "",
    "references": "",
    "id": "1072B59E-8DE1-5A27-B873-7DF23EA6C5E5",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://github.com/dogadmin/EspoCRM-Admin-Extension-Upload-RCE-",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply