CVE-2024-25461

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...

PT-2024-20958 · Terrasoft · Creatio Terrasoft Crm

Name of the Vulnerable Software and Affected Versions: Creatio Terrasoft CRM version 7.18.4.1532 Description: The issue allows a remote attacker to obtain sensitive information via a crafted request to the "terrasoft.axd" component. This enables the attacker to potentially access unauthorized dat...

Creatio Terrasoft CRM Security Breach

Creatio Terrasoft CRM is a customer relationship management system from Creatio. A security vulnerability exists in Creatio Terrasoft CRM version v.7.18.4.1532. A remote attacker can exploit this vulnerability to obtain sensitive information via a specially crafted request to the terrasoft.axd...

CVE-2024-25461

CVE-2024-25461 : A directory traversal vulnerability affects Creatio Terrasoft CRM v7.18.4.1532, allowing a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. Root cause is a directory traversal flaw in the terrasoft.axd handler; impact is unauth...

VulnCheck KEV: CVE-2024-25461

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...

The vulnerability of the ConnectionStrings.config component in the “Terrasoft” CRM system and the “Creatio” BPM system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ConnectionStrings.config component in the “Terrasoft” CRM system and the “Creatio” BPM system is related to incorrect restrictions on the path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...