Unknown · Zhong Bang CRMEB · CVE-2023-2419
**Name of the Vulnerable Software and Affected Versions**
Zhong Bang CRMEB version 4.6.0
**Description**
A critical issue affects the `videoUpload` function in the file `SystemAttachmentServices.php`: manipulating the `filename` argument allows unrestricted file upload. The attack can be initiated remotely. The issue has been publicly disclosed and may be exploited.
**Recommendations**
To prevent unrestricted file uploads on Zhong Bang CRMEB version 4.6.0, consider disabling the `videoUpload` function until a patch is available. Restrict access to the `SystemAttachmentServices.php` file to minimize the risk of exploitation. Avoid using the `filename` argument in the affected function until the issue is resolved.
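Where the upload path cannot be disabled outright, a compensating control is to stop trusting the client-supplied `filename` at all. The following is an added example, not CRMEB's code or an official patch: the function name `safeVideoName`, the extension allowlist, and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: set it to the video formats the deployment really accepts.
const ALLOWED_VIDEO_EXTENSIONS = ['mp4', 'webm', 'mov'];

/**
 * Validate a client-supplied `filename` and return a server-generated
 * storage name, or null when the upload must be rejected.
 * Only the validated extension survives; the rest of the name is discarded.
 */
function safeVideoName(string $filename): ?string
{
    if (strlen($filename) > 255) {
        return null;
    }
    // Exactly "name.ext": no path separators, no control bytes, no second dot
    // (so "a.php.mp4" and "../a.mp4" fail). \A and \z also reject a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $filename, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!in_array($ext, ALLOWED_VIDEO_EXTENSIONS, true)) {
        return null;
    }
    // Random name: the client never controls where or under what name the file lands.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs, not taken from any real request.
$samples = ['clip.mp4', 'clip.MP4', 'page.php', 'clip.php.mp4', '../clip.mp4', "clip.mp4\n", 'clip.mp4.'];
foreach ($samples as $name) {
    $verdict = safeVideoName($name) === null ? 'reject' : 'accept';
    printf("%-18s => %s\n", json_encode($name), $verdict);
}
```

A filename check is only one layer: the upload directory should also be configured so the web server never executes files stored in it.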