CVE-2023-3232 MEDIUM

CVE-2023-3232: Zhong Bang CRMEB Image Upload app_auth deserialization

Vendor Zhong Bang
Product CRMEB
Weakness CWE-502 · Unsafe deserialization
Published June 14, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231503. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 14, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-50416 WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability CVE-2023-39913 Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor CVE-2023-37941 Apache Superset: Metadata db write access can lead to remote code execution CVE-2025-31932