3 matches found
CVE-2026-16223
1Panel-dev CordysCRM up to 1.4.1 is affected in the Third Party Edit Endpoint, specifically the IntegrationConfigService.getSqlBotSrc function. A manipulated appSecret can trigger server-side request forgery (SSRF) and the issue can be exploited remotely. The exploit has been publicly disclosed a...
CVE-2026-16222
A vulnerability was found in 1Panel-dev CordysCRM up to 1.4.1. This issue affects some unknown processing of the file backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/TokenService.java of the component Third Party Endpoint. Performing a manipulation of the argument mkAddress result...
PT-2026-45685
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...