Medium severity4.7NVD Advisory· Published Nov 30, 2023· Updated Apr 20, 2026
CVE-2023-5966
CVE-2023-5966
Description
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
1- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-espocrmnvdThird Party Advisory
News mentions
0No linked articles in our index yet.