| عنوان | CRMEB is vulnerable to Broken Access Control |
|---|
| الوصف | CRMEB <= 4.6.0 is vulnerable to Broken Access Control.It has been declared as problematic.One of the interfaces in CRMEB can return the token directly, and by replacing the token you can bypass the authentication to upload the image, and then you can use phar deserialization.This issue affects some unknown processing of the route /api/wechat/app_auth |
|---|
| المصدر | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Broken%20Access%20Control.md |
|---|
| المستخدم | p0ison (UID 37575) |
|---|
| ارسال | 06/06/2023 08:17 AM (3 سنوات منذ) |
|---|
| الاعتدال | 14/06/2023 07:31 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 231503 [Zhong Bang CRMEB حتى 4.6.0 Image Upload /api/wechat/app_auth تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|