CVE-2020-37094

High CVSS: 8.7

EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.

Vendor

Espocrm

Product

Espocrm

CWE

CWE-639

Yayın Tarihi

2026-02-03 22:16:25

Güncelleme

2026-03-03 14:59:29

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-639 Espocrm HIGH Espocrm 2026

Referanslar

https://www.espocrm.com https://www.exploit-db.com/exploits/48376 https://www.vulncheck.com/advisories/espocrm-privilege-escalation

Benzer Kayıtlar

Medium

CVE-2025-59428

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows…

Medium

CVE-2025-52892

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP…

Medium

CVE-2025-52575

EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulner…

High

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Know…

Low

CVE-2025-32789

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by thei…

Medium

CVE-2025-32385

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to displ…