CVE-2024-33117 | crmeb_java 1.3.4 com.zbkj.front.pub.ImageMergeController mergeList server-side request forgery

CVE-2024-33117 | crmeb_java 1.3.4 com.zbkj.front.pub.ImageMergeController mergeList server-side request forgery

A vulnerability, which was classified as critical, has been found in crmeb_java 1.3.4. Affected by this issue is the function mergeList of the component com.zbkj.front.pub.ImageMergeController. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-33117. The attack needs to be approached within the local network. There is no exploit available.