CVE-2020-21788

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0680%

EPSS Percentile4.37th

PublishedJun 24, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

Affected Platforms (CPE)

📦

Crmeb

= 3.1.0\+

References & Advisories

🔗 https://gitee.com/ZhongBangKeJi/CRMEB/issues/I18MKC

Related Vulnerabilities

CVE-2020-254669.8

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server...

CVE-2020-217879.8

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

CVE-2020-213948.8

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in Syst...

CVE-2020-456110.0

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a re...