CVE-2026-4623

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue.

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/commit/f76e7123fe093b8675f88ec8f71725b0dd186310
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issue-4045330588
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issuecomment-4023480586
https://vuldb.com/?ctiid.352482
https://vuldb.com/?id.352482
https://vuldb.com/?submit.775760

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-24 03:16

Updated : 2026-03-24 15:53

NVD link : CVE-2026-4623

Mitre link : CVE-2026-4623

CVE.ORG link : CVE-2026-4623

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-4623", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-24T03:16:06.660", "references": [{"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/", "source": "cna@vuldb.com"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/commit/f76e7123fe093b8675f88ec8f71725b0dd186310", "source": "cna@vuldb.com"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2", "source": "cna@vuldb.com"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issue-4045330588", "source": "cna@vuldb.com"}, {"url": "https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issuecomment-4023480586", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.352482", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.352482", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.775760", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue."}, {"lang": "es", "value": "Una vulnerabilidad de seguridad ha sido detectada en DefaultFuction Jeson-Customer-Relationship-Management-System hasta 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. Esto afecta una funci\u00f3n desconocida del archivo /API/System.PHP del componente M\u00f3dulo API. La manipulaci\u00f3n del argumento url conduce a falsificaci\u00f3n de petici\u00f3n del lado del servidor. El ataque puede ser iniciado remotamente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. La entrega continua con lanzamientos progresivos es utilizada por este producto. Por lo tanto, no hay detalles de versi\u00f3n de lanzamientos afectados ni actualizados disponibles. El identificador del parche es f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. Se sugiere instalar un parche para abordar este problema."}], "lastModified": "2026-03-24T15:53:48.067", "sourceIdentifier": "cna@vuldb.com"}