@Tommywarren
Last active September 26, 2024 14:05
CVE-2024-46366
Vulnerable Product Version: Webkul Krayin CRM 1.3.0
Vulnerability Type: Privilege Escalation via Client-side Template Injection (CWE-1336)
Description:
Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process.
This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.
Discoverer:
Tommy Warren, Avihay Eldad