CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-21788

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.5%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

https://gitee.com/ZhongBangKeJi/CRMEB/issues/I18MKC
https://gitee.com/ZhongBangKeJi/CRMEB/issues/I18MKC

Products affected by CVE-2020-21788

Crmeb » Crmeb » Version: 3.1.0+

cpe:2.3:a:crmeb:crmeb:3.1.0+

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-21788

Products

Pricing

Contact Us