Submit #374394: Xi'an Zhongbang Network Technology Co. CRMEB open source mall system <=5.4.0 phar Deserialization/RCEinfo

TitleXi'an Zhongbang Network Technology Co. CRMEB open source mall system <=5.4.0 phar Deserialization/RCE
DescriptionA vulnerability classified as critical has been discovered in the CRMEB open source mall system. This affects the downloadImage section of the file CopyTaobaoServices.php (authentication required). Manipulation of the images parameter causes phar deserialisation to enable arbitrary code execution.
Source⚠️ https://gist.github.com/J1rrY-learn/e15a1926a3b5a2b8805a15cb95eff1d7
User
 J1rrY (UID 64327)
Submission07/13/2024 07:21 PM (1 Year ago)
Moderation07/20/2024 11:59 AM (7 days later)
StatusAccepted
VulDB Entry272065 [ZhongBangKeJi CRMEB up to 5.4.0 CopyTaobaoServices.php downloadImage deserialization]
Points17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!