Server-Side Request Forgery Vulnerability in DefaultFuction Jeson-Customer-Relationship-Management-System
CVE-2026-4623
Key Information:
- Vendor: Defaultfuction
- CVE Published: 24 March 2026
What is CVE-2026-4623?
A vulnerability has been discovered in the DefaultFuction Jeson-Customer-Relationship-Management-System, in the API Module at /api/System.php. An attacker can manipulate the 'url' parameter, potentially leading to server-side request forgery (SSRF). The issue can be exploited remotely and lets an attacker make the server send requests to internal services or external networks, which could result in unauthorized data access or further exploitation. The product uses continuous delivery with rolling releases, which makes it difficult to track specific affected versions. Users are strongly advised to apply the provided patch to mitigate this security risk.

Affected Version(s)
Jeson-Customer-Relationship-Management-System
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
