Crmeb · Crmeb · CVE-2020-25466
**Name of the Vulnerable Software and Affected Versions**
CRMEB version 3.0
**Description**
A SSRF issue exists in the downloadimage interface, allowing remote download of arbitrary files on the server and potentially enabling remote execution of arbitrary code.
**Recommendations**
For CRMEB version 3.0, consider restricting access to the downloadimage interface as a temporary workaround until a patch is available.