CVE-2024-40530 Information

Description

Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component.

Reference

https://critical.lt/blog/authorization-bypass-and-mass-assignment-in-pantera-crm/