Vulnerabilities > CVE-2023-3233 - Unspecified vulnerability in Crmeb
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Crmeb
| 18 |
References
- https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md
- https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Server-side%20request%20forgery%20(SSRF).md
- https://vuldb.com/?ctiid.231504
- https://vuldb.com/?ctiid.231504
- https://vuldb.com/?id.231504
- https://vuldb.com/?id.231504