Submit #165160: CRMEB is vulnerable to Broken Access Control

Title: CRMEB is vulnerable to Broken Access Control
Description: CRMEB <= 4.6.0 is vulnerable to Broken Access Control. It has been declared as problematic. One of the interfaces in CRMEB can return the token directly, and by replacing the token you can bypass the authentication to upload the image, and then you can use phar deserialization. This issue affects some unknown processing of the route /api/wechat/app_auth
Source: https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Broken%20Access%20Control.md
User: p0ison (UID 37575)
Submission: 06/06/2023 08:17 (3 years ago)
Moderation: 14/06/2023 07:31 (8 days later)
Status: Accepted
VulDB Entry: 231503 [Zhong Bang CRMEB up to 4.6.0 Image Upload /api/wechat/app_auth privilege escalation]
Points: 19
