CVE-2024-56908 — MEDIUM (6.8)

Q: How severe is CVE-2024-56908?

CVE-2024-56908 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-56908?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-444 CWE-1287

References

https://gist.github.com/JuyLang/7406077e3e5e6b2ff35c80f1853e298f

FAQ

What is CVE-2024-56908?

CVE-2024-56908 is a vulnerability with a CVSS score of 6.8 (MEDIUM). In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with im...

How severe is CVE-2024-56908?

CVE-2024-56908 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-56908?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.