CVE-2024-23052
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
29/02/2024
Last modified:
16/01/2025
Description
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:5kcrm:wukongcrm:9.0.1_20191202:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability
- https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28
- https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability
- https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28