Home / Early Warning / Vulnerabilidades / CVE-2020-25466

CVE-2020-25466

Type: 
Server-Side Request Forgery (SSRF)
Severity: 
High
Publication date: 
10/23/2020
Last modified: 
10/27/2020
Description
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:crmeb:crmeb:3.0:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields