CVE-2024-6944 | ZhongBangKeJi CRMEB up to 5.4.0 PublicController.php get_image_base64 file deserialization

Posted by Angelo Barbosa | Jul 20, 2024 | CVE

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization.

This vulnerability is handled as CVE-2024-6944. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6944 | ZhongBangKeJi CRMEB up to 5.4.0 PublicController.php get_image_base64 file deserialization

Related Posts

CVE-2024-46780 | Linux Kernel up to 6.10.9 nilfs2 null pointer dereference

CVE-2024-6345 | pypa setuptools up to 69.1.1 package_index code injection

CVE-2024-4437 | Red Hat OpenStack Platform etcd Package resource consumption

CVE-2024-24524 | flusity CMS 2.33 add_menu.php cross-site request forgery