An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
References
| Link | Resource |
|---|---|
| https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability | Exploit Vendor Advisory |
| https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28 | Exploit Issue Tracking Vendor Advisory |
| https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability | Exploit Vendor Advisory |
| https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28 | Exploit Issue Tracking Vendor Advisory |
Configurations
History
16 Jan 2025, 17:53
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
5kcrm wukongcrm
5kcrm |
|
| References | () https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability - Exploit, Vendor Advisory | |
| References | () https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28 - Exploit, Issue Tracking, Vendor Advisory | |
| CPE | cpe:2.3:a:5kcrm:wukongcrm:9.0.1_20191202:*:*:*:*:*:*:* |
Information
Published : 2024-02-29 01:44
Updated : 2025-01-16 17:53
NVD link : CVE-2024-23052
Mitre link : CVE-2024-23052
CVE.ORG link : CVE-2024-23052
JSON object : View
Products Affected
5kcrm
- wukongcrm
CWE
CWE-502
Deserialization of Untrusted Data