CVE-2020-21788

Publication date

2021-06-24 14:48:17

Family

mitre

State

PUBLISHED

Description

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.