Zhong Bang CRMEB SystemAttachmentServices.php videoUpload unrestricted upload

A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

危险类型文件的不加限制上传

Zhongbang CRMEB 代码问题漏洞

Zhongbang CRMEB是中国西安众邦网络（Zhongbang）公司的一套开源的电商管理系统。 Zhongbang CRMEB 4.6.0版本存在代码问题漏洞，该漏洞源于对参数filename的错误操作导致文件不受限制的上传。

N/A

N/A