CVE-2024-40324
Severity: MEDIUM
WAF: High
CVSS 5.4
Published: 2024-07-25
CWE-113
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
WAF Coverage Analysis
HTTP Response Splitting
High WAF Coverage
OWASP: A03:2021 Injection
921xxx - Protocol Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| datex-soft | e-staff | 5.1 |
References
- github.com (Exploit, Third Party Advisory)