Name of the Vulnerable Software and Affected Versions:

EspoCRM versions 9.1.6 and below

Description:

EspoCRM is a web application featuring a single-page application frontend and a PHP-based REST API backend. If a user accesses EspoCRM in a browser with double slashes (e.g., `https://domain//#Admin`) and the webserver does not remove the double slash, it can corrupt the Slim router's cache, rendering the instance unusable until the cache is rebuilt.

Recommendations:

Upgrade to version 9.1.7 or later.