CVE-2024-33117 | crmeb_java 1.3.4 com.zbkj.front.pub.ImageMergeController mergeList server-side request forgery

Posted by Angelo Barbosa | May 6, 2024 | CVE

A vulnerability, which was classified as critical, has been found in crmeb_java 1.3.4. Affected by this issue is the function mergeList of the component com.zbkj.front.pub.ImageMergeController. The manipulation leads to server-side request forgery.

This vulnerability is handled as CVE-2024-33117. The attack needs to be approached within the local network. There is no exploit available.

CVE-2024-33117 | crmeb_java 1.3.4 com.zbkj.front.pub.ImageMergeController mergeList server-side request forgery

Related Posts

CVE-2022-44589 | miniOrange Google Authenticator Plugin up to 5.6.1 on WordPress information disclosure

CVE-2023-45213 | Westermo Lynx 206-F2G 4.24 unknown vulnerability (icsa-24-023-04)

CVE-2024-37542 | WpDevArt Responsive Image Gallery, Gallery Album Plugin up to 2.0.3 on WordPress authorization

CVE-2024-23328 | Dataease up to 1.18.14/2.2.x Mysql.java deserialization