CVE-2026-4623

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue.

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/commit/f76e7123fe093b8675f88ec8f71725b0dd186310
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issue-4045330588
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issuecomment-4023480586
https://vuldb.com/?ctiid.352482
https://vuldb.com/?id.352482
https://vuldb.com/?submit.775760

Configurations

No configuration.

History

24 Apr 2026, 16:32

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de seguridad ha sido detectada en DefaultFuction Jeson-Customer-Relationship-Management-System hasta 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. Esto afecta una función desconocida del archivo /API/System.PHP del componente Módulo API. La manipulación del argumento url conduce a falsificación de petición del lado del servidor. El ataque puede ser iniciado remotamente. El exploit ha sido divulgado públicamente y puede ser utilizado. La entrega continua con lanzamientos progresivos es utilizada por este producto. Por lo tanto, no hay detalles de versión de lanzamientos afectados ni actualizados disponibles. El identificador del parche es f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. Se sugiere instalar un parche para abordar este problema.

24 Mar 2026, 03:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-24 03:16

Updated : 2026-04-29 01:00

NVD link : CVE-2026-4623

Mitre link : CVE-2026-4623

CVE.ORG link : CVE-2026-4623

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

7.3 /10