CVE-2024-56908
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise.
Analysis
In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise.
Affected Products
See vendor advisory for affected versions.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today