CVE-2024-40324

Description

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

Vulnerability Type

CRLF

Vendor of Product

E-Staff

Affected Product Code Base

E-Staff 5.1

Affected Component

HTTP headers

Attack Type

Remote

Impact Code execution

Potential for arbitrary header injection, cache poisoning, and session hijacking, cross-site scripting (XSS), and other exploits.

Discoverer

Aleksey Vistorobskiy

Attack Vectors

An attacker can insert CRLF characters into input fields, manipulating HTTP headers. For example, injecting CRLF into HTTP headers can result in HTTP response splitting

Screenshot:

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
1.png		1.png
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-40324

Description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Affected Component

Attack Type

Impact Code execution

Discoverer

Attack Vectors

Reference

About

Releases

Packages

aleksey-vi/CVE-2024-40324

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-40324

Description

Vulnerability Type

Vendor of Product

Affected Product Code Base

Affected Component

Attack Type

Impact Code execution

Discoverer

Attack Vectors

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages