2 matches found
📄 EspoCRM 9.3.3 Server-Side Request Forgery
EspoCRM version 9.3.3 suffers from an authenticated server-side request forgery vulnerability. Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage:...
CVE-2026-33534 EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...