CVE-2024-6943

Name of the Vulnerable Software and Affected Versions ZhongBangKeJi CRMEB versions up to 5.4.0

Description A critical issue has been found, affecting the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. This issue leads to deserialization and can be exploited remotely. The exploit has been disclosed publicly.

Recommendations For ZhongBangKeJi CRMEB versions up to 5.4.0, as a temporary workaround, consider disabling the downloadImage function until a patch is available. Restrict access to the CopyTaobaoServices.php file to minimize the risk of exploitation. Avoid using the deserialization functionality in the affected downloadImage function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.