A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function
openfile
of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal.
This vulnerability is uniquely identified as CVE-2024-1703. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.