Server-Side Request Forgery in CRMEB 3.0 by CRMEB
CVE-2020-25466

9.8CRITICAL

Key Information:

Vendor

Crmeb

Status
Crmeb
Vendor
CVE Published:
23 October 2020

What is CVE-2020-25466?

A server-side request forgery (SSRF) vulnerability exists in the download image interface of CRMEB 3.0. This flaw allows an attacker to remotely download arbitrary files from the server, potentially leading to the execution of arbitrary code. The vulnerability can be exploited without authentication, making it critical for users of this software to take necessary precautions and apply any available patches.

References

http://crmeb.com
x_refsource_MISC
https://github.com/crmeb/CRMEB
x_refsource_MISC
https://github.com/crmeb/CRMEB/issues/22
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.