CVE-2024-6943
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-6943 is a recently disclosed critical vulnerability affecting ZhongBangKeJi CRMEB up to version 5.4.0. The issue lies in the function "downloadImage" of the file "app/services/product/product/CopyTaobaoServices.php," which results in deserialization upon manipulation. This vulnerability can be exploited remotely, making it a significant security concern. The exploit for this vulnerability has been made public, increasing the risk of potential attacks. Vendor response has been lacking, as they have not responded to disclosure efforts. The identifier VDB-272065 has been assigned to this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.