Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery
CVE-2023-3233

8.8HIGH

Key Information:

Vendor

Zhong Bang

Status
CRMEB
Vendor
CVE Published:
14 June 2023

What is CVE-2023-3233?

A server-side request forgery (SSRF) vulnerability exists in the function get_image_base64 within the file api/controller/v1/PublicController.php of Zhong Bang CRMEB versions up to 4.6.0. Exploitation of this vulnerability allows an attacker to send unauthorized requests from the server side to internal or external resources, potentially leading to data leakage or further exploitation of the server. The vulnerability has been publicly disclosed, and exploits may already be available to malicious actors. Immediate action is recommended to safeguard affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CRMEB 4.0

CRMEB 4.1

CRMEB 4.2

References

https://vuldb.com/?id.231504
vdb-entrytechnical-description
https://vuldb.com/?ctiid.231504
signaturepermissions-required
https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%...
broken-linkexploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

p0ison (VulDB User)
JSON
.