Critical Server-Side Request Forgery Vulnerability in Zhong Bang CRMEB up to 4.6.0 (VDB-231504)

Critical Server-Side Request Forgery Vulnerability in Zhong Bang CRMEB up to 4.6.0 (VDB-231504)

CVE-2023-3233 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231504. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Learn more about our Cis Benchmark Audit For Server Software.