Remote Code Execution via SSRF in CRMEB 3.0's Downloadimage Interface

CVE-2020-25466 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0. It can be used to remotely download arbitrary files on the server and to remotely execute arbitrary code.
