Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
X2Engine 代码注入漏洞
Vulnerability Description
X2Engine是美国X2Engine公司的一套开源的客户关系管理系统(CRM)。该系统提供生成销售报价、制定销售流程和快速查看联系人等功能。 X2Engine 2.8至4.1.7版本的protected/controllers/SiteController.php脚本中的‘actionSendErrorReport’方法存在安全漏洞。远程攻击者可借助‘report’参数中特制的序列化数据利用该漏洞实施PHP注入攻击和服务器端请求伪造(Server-Side Request Forgery,SSRF)攻击
CVSS Information
N/A
Vulnerability Type
N/A