Description

In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise.

INFO

Published Date :

2025-02-13T00:00:00.000Z

Last Modified :

2025-03-17T18:48:25.965Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56908 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56908.

URL Resource
https://gist.github.com/JuyLang/7406077e3e5e6b2ff35c80f1853e298f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact