Remote Code Execution via SSRF in CRMEB 3.0's Downloadimage Interface
CVE-2020-25466 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0. It can be used to remotely download arbitrary files on the server and to remotely execute arbitrary code.