A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the…
VulDB·CWE-36·Published 2024-02-21
Es wurde eine Schwachstelle in ZhongBangKeJi CRMEB 5.2.2 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion openfile der Datei /adminapi/system/file/openfile. Mittels dem Manipulieren mit unbekannten Daten kann eine absolute path traversal-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Se encontró una vulnerabilidad en ZhongBangKeJi CRMEB 5.2.2. Ha sido clasificada como problemática. Esto afecta a la función openfile del archivo /adminapi/system/file/openfile. La manipulación conduce a un path traversal. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-254391. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 2.7 | — | — | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| 2.0 | Primary | cve.org | 2.7 | — | — | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| 2.0 | Secondary | NVD | 2.7 | 5.1 | 2.9 | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| 3.0 | Primary | cve.org | 3.5 | — | — | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.0 | Primary | cve.org | 3.5 | — | — | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | NVD | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 3.5 | — | — | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 3.5 | — | — | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |