honor8

CVE-2020-21788 GITEE MEDIUM php

CRMEB 3.1.0+ - Server-Side Request Forgery via CopyTaobao.php

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

17,434 stars

CVSS 4.3

View Code

CVE-2020-21787 GITEE CRITICAL php

CRMEB 3.1.0+ - Unrestricted Upload of File with Dangerous Type via UploadService.php

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

17,434 stars

CVSS 9.8

View Code