Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by small and medium-sized businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks.
All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sędkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project.
EspoCRM is an open-source customer relationship management (CRM) application, while Pimcore is an open-source enterprise software platform for customer data management, digital asset management, content management, and digital commerce. Akaunting, on the other hand, is an open-source and online accounting software designed for invoice and expense tracking.
The list of issues is as follows:
- CVE-2021-3539 (CVSS score: 6.3) – Persistent XSS flaw in EspoCRM v6.1.6
- CVE-2021-31867 (CVSS score: 6.5) – SQL injection in Pimcore Customer Data…