CVE-2024-6944

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jul 21, 2024
Updated: Jul 22, 2024
CWE ID 502

Summary

CVE-2024-6944 is a newly disclosed critical vulnerability affecting ZhongBangKeJi CRMEB up to version 5.4.0. The issue lies in the get_image_base64 function of the file PublicController.php. An attacker who manipulates the file argument can trigger deserialization (CWE-502). The vulnerability can be exploited remotely, and the exploit has already been made public. VDB-272066 is the identifier assigned to this issue. The vendor did not respond when contacted about this disclosure.
