| Título | CRMEB is vulnerable to Broken Access Control |
|---|
| Descripción | CRMEB <= 4.6.0 is vulnerable to Broken Access Control.It has been declared as problematic.One of the interfaces in CRMEB can return the token directly, and by replacing the token you can bypass the authentication to upload the image, and then you can use phar deserialization.This issue affects some unknown processing of the route /api/wechat/app_auth |
|---|
| Fuente | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Broken%20Access%20Control.md |
|---|
| Usuario | p0ison (UID 37575) |
|---|
| Sumisión | 2023-06-06 08:17 (hace 3 años) |
|---|
| Moderación | 2023-06-14 07:31 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 231503 [Zhong Bang CRMEB hasta 4.6.0 Image Upload /api/wechat/app_auth escalada de privilegios] |
|---|
| Puntos | 19 |
|---|