PT-2026-27304 · Defaultfuction · Jeson Customer Relationship Management System
Practice
·
Published
2026-03-24
·
Updated
2026-03-24
·
CVE-2026-4623
CVSS v2.0
7.5
High
| AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
DefaultFuction Jeson-Customer-Relationship-Management-System (affected versions not specified)
Description
A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System. Manipulation of the
url argument in an unknown function within the /api/System.php file can lead to server-side request forgery (SSRF). The attack can be initiated remotely. The exploit has been publicly disclosed. Continuous delivery with rolling releases is used, therefore specific version details of affected or updated releases are unavailable.Recommendations
Install a patch to address this issue.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jeson Customer Relationship Management System