CNNVD-202602-223 Information
CNNVD ID
CNNVD-202602-223
Related CVE
-
CNNVD Published: 2026-02-03
Description
EspoCRM is an open-source, web-based customer relationship management (CRM) system developed by EspoCRM. It provides sales automation, community, and customer support functions. EspoCRM version 5.8.5 contains a security vulnerability that stems from an authentication flaw: an attacker can access other users' accounts by decoding and modifying the Basic Authorization and Espo-Authorization tokens, which may lead to unauthorized access to administrator user information and privileges.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
EspoCRM
Published
2026-02-03
Last Modified
2026-02-24
References
https://www.espocrm.com
https://www.exploit-db.com/exploits/48376
https://www.vulncheck.com/advisories/espocrm-privilege-escalation
Patch
https://www.espocrm.com/download/