A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This …

Published:

23 maart 2026 om 23:00:00

Alert date:

24 maart 2026 om 09:16:39

Source:

nvd.nist.gov

Web Technologies, Enterprise Applications

CVE-2026-4623 affects DefaultFuction Jeson-Customer-Relationship-Management-System up to commit 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. The vulnerability exists in an unknown function of the file /api/System.php within the API Module component. Manipulation of the 'url' argument leads to server-side request forgery (SSRF). The attack can be initiated remotely and the exploit has been publicly disclosed. The product uses continuous delivery with rolling releases, making version tracking difficult. A patch has been made available with identifier f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. Organizations are advised to apply the patch immediately to address this remotely exploitable vulnerability.

Technical details

Mitigation steps:

Affected products:

DefaultFuction Jeson-Customer-Relationship-Management-System

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-4623
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/commit/f76e7123fe093b8675f88ec8f71725b0dd186310
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issue-4045330588
https://github.com/DefaultFuction/Jeson-Customer-Relationship-Management-System/issues/2#issuecomment-4023480586
https://vuldb.com/?ctiid.352482
https://vuldb.com/?id.352482
https://vuldb.com/?submit.775760

Related CVE's:

CVE-2026-4623

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.