Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery
Vulnerability Description
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Zhongbang CRMEB 代码问题漏洞
Vulnerability Description
Zhongbang CRMEB是中国西安众邦网络(Zhongbang)公司的一套开源的电商管理系统。 Zhongbang CRMEB 4.6.0之前版本存在代码问题漏洞。攻击者利用该漏洞执行服务器端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A