CVE-2024-6944

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-6944
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6944.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-6944
Published
2024-07-21T08:15:06Z
Modified
2025-01-08T16:23:32.159791Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function getimagebase64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272066 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/crmeb/crmeb

Affected ranges

Type
GIT
Repo
https://github.com/crmeb/crmeb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.6
v2.6.0

v4.*

v4.4.2
v4.4.4
v4.6.0
v4.7.0

v5.*

v5.2.0
v5.3.0
v5.4.0