Description
A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
- Attack Vector
- network
- Complexity
- low
- Privileges
- high
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- low
- Availability
- low
- Weaknesses
- CWE-434
Metadata
- Primary Vendor
- CRMEB
- Published
- 4/29/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
crmeb : crmeb
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.