← Volver a CVEs
CVE-2024-24818
MEDIUM5.9
Descripcion
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
Detalles CVE
Puntuacion CVSS v3.15.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Vector de ataqueADJACENT_NETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado3/21/2024
Ultima modificacion6/27/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
espocrm:espocrm
Debilidades (CWE)
CWE-610CWE-601
Referencias
https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7(security-advisories@github.com)
https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j(security-advisories@github.com)
https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.