CVE-2020-21788

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0680%

EPSS Percentile4.37th

Published2021年6月24日

Last Modified2024年11月21日

Vulnerability Description

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

Affected Platforms (CPE)

📦

Crmeb

= 3.1.0\+

References & Advisories

🔗 https://gitee.com/ZhongBangKeJi/CRMEB/issues/I18MKC

関連する脆弱性情報

CVE-2020-254669.8

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server...

CVE-2020-217879.8

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

CVE-2020-213948.8

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in Syst...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...