CVE-2024-40324

MEDIUM

E-Staff <5.1 - HTTP Response Splitting

Title source: llm

Description

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

Exploits (1)

nomisec WRITEUP

by aleksey-vi · poc

https://github.com/aleksey-vi/CVE-2024-40324

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/aleksey-vi/CVE-2024-40324

Scores

CVSS v3 5.4

EPSS 0.1201

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-113 CWE-93 CWE-74

Status published

Products (1)

datex-soft/e-staff 5.1

Published Jul 25, 2024

Tracked Since Feb 18, 2026