| Title | CRMEB is vulnerable to deserialization |
|---|---|
| Description | A deserialization vulnerability exists in the CRMEB <= 4.6.0. It has been rated as problematic. The problem lies in the `/api/image_base64` route, which corresponds to the function `put_image` in `api/controller/v1/PublicController.php`. The exploit has been disclosed to the public and may be used. The attack may be initiated remotely. Use phar for deserialization to remove reload locks. |
| Source | ⚠️ https://github.com/HuBenLab/HuBenVulList/blob/main/CRMEB%20is%20vulnerable%20to%20deserialization.md |
| User | p0ison (UID 37575) |
| Submission | 06/06/2023 08:29 (3 years ago) |
| Moderation | 06/14/2023 07:31 (8 days later) |
| Status | Accepted |
| VulDB entry | 231505 [Zhong Bang CRMEB up to 4.6.0 PublicController.php put_image deserialization] |
| Points | 20 |