COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2020-25466

CVE-2020-25466

Severity
critical
Source
NVD · cve
Published
2020-10-23
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-25466
⚡ RCE shame 50/100 rce

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Players implicated

crmeb · vendorcrmeb · product

Description

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Sentiment · trusted sources

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.