CVE-2020-21788 · Vexday

CVE-2020-21788

EPSS 0.7%

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitee.com/ZhongBangKeJi/CRMEB/issues/I18MKC