| Titel | CRMEB is vulnerable to Broken Access Control |
|---|
| Beschreibung | CRMEB <= 4.6.0 is vulnerable to Broken Access Control.It has been declared as problematic.One of the interfaces in CRMEB can return the token directly, and by replacing the token you can bypass the authentication to upload the image, and then you can use phar deserialization.This issue affects some unknown processing of the route /api/wechat/app_auth |
|---|
| Quelle | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Broken%20Access%20Control.md |
|---|
| Benutzer | p0ison (UID 37575) |
|---|
| Einreichung | 06.06.2023 08:17 (vor 3 Jahren) |
|---|
| Moderieren | 14.06.2023 07:31 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 231503 [Zhong Bang CRMEB bis 4.6.0 Image Upload /api/wechat/app_auth erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|