| 제목 | CRMEB is vulnerable to Broken Access Control |
|---|
| 설명 | CRMEB <= 4.6.0 is vulnerable to Broken Access Control.It has been declared as problematic.One of the interfaces in CRMEB can return the token directly, and by replacing the token you can bypass the authentication to upload the image, and then you can use phar deserialization.This issue affects some unknown processing of the route /api/wechat/app_auth |
|---|
| 원천 | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20Broken%20Access%20Control.md |
|---|
| 사용자 | p0ison (UID 37575) |
|---|
| 제출 | 2023. 06. 06. AM 08:17 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 06. 14. AM 07:31 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 231503 [Zhong Bang CRMEB 까지 4.6.0 Image Upload /api/wechat/app_auth 권한 상승] |
|---|
| 포인트들 | 19 |
|---|