ГлавнаяУязвимости → CVE-2024-46366
8.8высокая

CVE-2024-46366

Описание

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

Затрагиваемое ПО
Webkul Krayin crm
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://gist.github.com/Tommywarren/89cef7f876ee897a4ff40a8b71b6208e