PT-2023-19466 · Unknown · Zhong Bang Crmeb

Keyman · Published 2023-04-29 · Updated 2024-05-17 · CVE-2023-2419

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zhong Bang CRMEB version 4.6.0

Description

A critical issue affects the videoUpload function in the file SystemAttachmentServices.php, allowing unrestricted upload through manipulation of the filename argument. This can be initiated remotely. The issue has been publicly disclosed and may be exploited.

Recommendations

For Zhong Bang CRMEB version 4.6.0, consider disabling the videoUpload function until a patch is available to prevent unrestricted file uploads. Restrict access to the SystemAttachmentServices.php file to minimize the risk of exploitation. Avoid using the filename argument in the affected function until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-2419

Affected Products

Zhong Bang Crmeb