CRM
espocrm/espocrm
EspoCRM – Open Source CRM Application
#crm#php#single-page-application#customer-portal#calendar#kanban#open-source#platform#sales-automation#customizable#email-marketing#contacts#leads#support#crm-platform#documents#customer-support#crm-system
Score
85
/ 100
Star
2,963
Fork
855
Open Issue
50
Size
87MB
Language
PHP ★
Last push
0 days ago
Docker
—
Scoring breakdown
Past CVEs: 17 (somewhat many)
✓ Most recent push: 0 days ago
✓ Primary language (PHP)
✓ Open issues: 50
— Medium size (87MB)
✓ Docker not supported
— 1k–10k stars: best for beginners (★2,963)
✓ Note: see the "Scoring rules" for the weight of each item. The total is floored at 0.
Past Security Advisories (17)
- Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes
- IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup
- Stored SVG attachment can execute same-origin uploaded JavaScript when opened via image or attachment entry points
- Admin TemplateManager path traversal allows arbitrary file read, write and delete
- Authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user
- Email importEml can import and delete another user's attachment by raw fileId
- Stored HTML injection in email notifications about stream notes via Markdown allowing HTML markup
- SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access
- Authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
- Stored SVG <a> Injection Enabling CSRF-Based Arbitrary User Creation
- Double slash in URI corrupting router cache leading to access denial
- Improper neutralization of special elements used in an LDAP query ('LDAP Injection')
- HTML Injection into phishing leads to account takeover
- Potential disclosure of sensitive information in the user sorting function
- Unrestricted Embedding in Iframe dashlet
- Weakness in "Forgot password"
- SSRF via /Attachment/fromImageUrl endpoint