CVE-2024-24818 in EspoCRM

Summary

EspoCRM is an open source customer relationship management (CRM) application. An attacker can inject an arbitrary IP address or domain in the "Password Change" page and redirect the victim to a malicious page, which could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

Responsible

GitHub, Inc.

Reservation

01/31/2024

Disclosure

03/21/2024

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources
