CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-25466

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile32.57th
Published2020年10月23日
Last Modified2024年11月21日

Vulnerability Description

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Affected Platforms (CPE)

📦
Crmeb

Crmeb

= 3.0

References & Advisories

🔗 http://crmeb.com
🔗 https://github.com/crmeb/CRMEB
🔗 https://github.com/crmeb/CRMEB/issues/22
🔗 http://crmeb.com
🔗 https://github.com/crmeb/CRMEB
🔗 https://github.com/crmeb/CRMEB/issues/22

相关漏洞威胁

CVE-2020-217879.8

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

CVE-2020-213948.8

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in Syst...

CVE-2020-217884.3

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app...

CVE-2020-393610.0

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers ...