Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery
Vulnerability Description
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Jeson Customer Relationship Management System 代码问题漏洞
Vulnerability Description
Jeson Customer Relationship Management System是DefaultFuction个人开发者的一个轻量级客户关系管理系统。 Jeson Customer Relationship Management System存在代码问题漏洞,该漏洞源于对文件/api/System.php中参数url的错误操作,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A