CVE-2020-25466

Type:

Server-Side Request Forgery (SSRF)

Severity:

High

Publication date:

10/23/2020

Last modified:

10/27/2020

Description

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Impact

Access Vector: Through network

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability

Vulnerable software and versions

cpe:2.3:a:crmeb:crmeb:3.0:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

http://crmeb.com (Source: MISC)
https://github.com/crmeb/CRMEB (Source: MISC)
https://github.com/crmeb/CRMEB/issues/22 (Source: MISC)

Explanation of fields

Corporate access

CVE-2020-25466