Home > Vulnerability Database > CVE-2024-24818

Mend.io Vulnerability Database

CVE-2024-24818

Date: February 29, 2024

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

Language: PHP

Severity Score

5.9

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24818

Url: https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j

Url: https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7

Url: https://www.mend.io/vulnerability-database/CVE-2024-24818

Severity Score

5.9

Weakness Type (CWE)

Externally Controlled Reference to a Resource in Another Sphere

CWE-610

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24818

Date: February 29, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?