PT-2026-27304 · Defaultfuction · Jeson Customer Relationship Management System

Practice

Published: 2026-03-24

Updated: 2026-03-25

CVE-2026-4623

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

DefaultFuction Jeson-Customer-Relationship-Management-System (affected versions not specified)

Description

A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System. Manipulation of the url argument in an unknown function within the /api/System.php file can lead to server-side request forgery (SSRF). The attack can be initiated remotely. The exploit has been publicly disclosed. The project uses continuous delivery with rolling releases, so specific version details of affected or updated releases are unavailable.

Recommendations

Install a patch to address this issue.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-4623

Affected Products

Jeson Customer Relationship Management System