Vulnerability Database

301,409

Total vulnerabilities in the database

CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.

  • Published: Jul 28, 2019
  • Updated: Nov 9, 2025
  • CVE: CVE-2019-14351
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
espocrm / espocrm 5.6.4 5.6.4.x