| Titel | Xi'an Zhongbang Network Technology Co. CRMEB open source mall system <=5.4.0 phar Deserialization/RCE |
|---|
| Beschreibung | A vulnerability classified as critical has been discovered in the CRMEB open source mall system. This affects the downloadImage section of the file CopyTaobaoServices.php (authentication required). Manipulation of the images parameter causes phar deserialisation to enable arbitrary code execution. |
|---|
| Quelle | ⚠️ https://gist.github.com/J1rrY-learn/e15a1926a3b5a2b8805a15cb95eff1d7 |
|---|
| Benutzer | J1rrY (UID 64327) |
|---|
| Einreichung | 13.07.2024 19:21 (vor 2 Jahren) |
|---|
| Moderieren | 20.07.2024 11:59 (7 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 272065 [ZhongBangKeJi CRMEB bis 5.4.0 CopyTaobaoServices.php downloadImage erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|