A vulnerability, which was classified as critical, has been found in crmeb_java 1.3.4. Affected by this issue is the function
mergeList
of the component com.zbkj.front.pub.ImageMergeController. The manipulation leads to server-side request forgery.
This vulnerability is handled as CVE-2024-33117. The attack needs to be approached within the local network. There is no exploit available.