CVE-2024-6943

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jul 21, 2024
Updated: Jul 22, 2024
CWE ID 502

Summary

CVE-2024-6943 is a recently disclosed critical vulnerability affecting ZhongBangKeJi CRMEB up to version 5.4.0. The issue lies in the function "downloadImage" of the file "app/services/product/product/CopyTaobaoServices.php," which results in deserialization upon manipulation. This vulnerability can be exploited remotely, making it a significant security concern. The exploit for this vulnerability has been made public, increasing the risk of potential attacks. Vendor response has been lacking, as they have not responded to disclosure efforts. The identifier VDB-272065 has been assigned to this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share