CVE-2024-40324

Medium

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input…

mitre·CWE-74·Published 2024-07-25

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

203 chars

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

NVDen

203 chars

NVDes

242 chars

Una vulnerabilidad de inyección CRLF en E-Staff v5.1 permite a los atacantes insertar caracteres Carriage Return (CR) y Line Feed (LF) en los campos de entrada, lo que lleva a la división de la respuesta HTTP y la manipulación del encabezado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H