Platform: php
Component: jeson-customer-relationship-management-system
A server-side request forgery (SSRF) vulnerability has been identified in the Jeson-Customer-Relationship-Management-System API Module. This flaw allows attackers to manipulate internal requests, potentially leading to unauthorized access to sensitive data or systems. The vulnerability affects versions up to commit 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. A patch (f76e7123f) is available to address this issue.
The SSRF vulnerability in Jeson-Customer-Relationship-Management-System allows an attacker to craft malicious requests through the 'url' parameter of the /api/System.php endpoint. Successful exploitation makes the server initiate requests to arbitrary internal or external resources. This could expose internal services, read sensitive configuration files, or interact with other internal systems. The blast radius extends to any internal resource reachable from the API server. The ability to trigger arbitrary requests makes this a significant risk, potentially leading to data breaches or complete system compromise.
This vulnerability has been publicly disclosed. The exploit is known and potentially accessible to a wide range of attackers. While no specific campaigns and no KEV listing are currently known, the SSRF nature of the vulnerability makes it a high-priority target. The public disclosure increases the likelihood of exploitation attempts, especially given the lack of specific versioning information and the potential for easy exploitation.
Exploit Status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS Vector
Due to the continuous delivery model of Jeson-Customer-Relationship-Management-System, specific version numbers are not available for affected or patched releases. The recommended mitigation is to immediately apply the provided patch: f76e7123f. If applying the patch directly is not feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing suspicious URLs or patterns. Restrict network access to the Jeson-Customer-Relationship-Management-System API server to only necessary internal resources. Monitor API logs for unusual outbound requests originating from the /api/System.php endpoint. After applying the patch, confirm remediation by attempting to trigger the SSRF vulnerability with a known malicious URL and verifying that the request is blocked or handled safely.
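The mitigations above (patch, WAF filtering of suspicious URLs, network restriction) all come down to one control at the code level: the server must never fetch a URL it has not validated. The following is an added example of that control, not code from Jeson-Customer-Relationship-Management-System or its patch; the function names, the host allowlist, the sample URLs and the fake DNS table are constructed for the demonstration, and only the parameter name 'url' and the endpoint path come from the advisory. It allowlists hosts, restricts schemes, refuses embedded credentials, resolves the host and rejects any address in loopback, private or link-local ranges, and pins the connection to the checked address so the answer cannot change between validation and fetch.

```php
<?php
// Added example, not the project's code: defensive handling of a user-supplied
// URL such as the 'url' parameter processed by /api/System.php.
declare(strict_types=1);

/** True if $ip is loopback, private, link-local or unparsable (fail closed). */
function isInternalAddress(string $ip): bool
{
    // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7.
    // NO_RES_RANGE: 0/8, 127/8, 169.254/16 (cloud metadata), 240/4, ::1, fe80::/10, ::ffff:0:0/96.
    $public = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    return $public === false;
}

/** Default resolver: literal IPs pass through, names are looked up (A and AAAA). */
function systemResolver(string $host): array
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return [$host];
    }
    $ips = [];
    foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $record) {
        $ips[] = $record['ip'] ?? $record['ipv6'] ?? '';
    }
    return array_values(array_filter($ips));
}

/**
 * Validates $url for server-side fetching and returns the resolved addresses
 * so the caller can pin the connection. Throws on any policy violation.
 * $resolver is injectable so the check can be exercised without network access.
 */
function validateOutboundUrl(string $url, array $allowedHosts, ?callable $resolver = null): array
{
    $resolver ??= 'systemResolver';
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        throw new InvalidArgumentException('URL must be absolute and carry a host');
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("Scheme '$scheme' is not permitted");
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('Embedded credentials are not permitted');
    }
    $host = strtolower(trim(rtrim($parts['host'], '.'), '[]'));
    if (!in_array($host, array_map('strtolower', $allowedHosts), true)) {
        throw new InvalidArgumentException("Host '$host' is not on the allowlist");
    }
    // Check every address the host maps to: an allowlisted name that later
    // points at 127.0.0.1 or an RFC 1918 address is still refused.
    $ips = $resolver($host);
    if ($ips === []) {
        throw new InvalidArgumentException("Host '$host' did not resolve");
    }
    foreach ($ips as $ip) {
        if (isInternalAddress($ip)) {
            throw new InvalidArgumentException("Host '$host' resolves to non-public address $ip");
        }
    }
    return $ips;
}

/** Fetches a validated URL with redirects disabled and the name pinned to the checked address. */
function fetchValidated(string $url, array $allowedHosts): string
{
    $ips   = validateOutboundUrl($url, $allowedHosts);
    $parts = parse_url($url);
    $host  = trim($parts['host'], '[]');
    $port  = $parts['port'] ?? (strtolower($parts['scheme']) === 'https' ? 443 : 80);
    $pin   = str_contains($ips[0], ':') ? "[{$ips[0]}]" : $ips[0];
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,                        // a redirect could point back inside
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_RESOLVE        => ["{$host}:{$port}:{$pin}"],   // closes the DNS-rebinding window
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Fetch failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed fixtures: allowlist and a fake DNS table standing in for real lookups.
$allowedHosts = ['partner.example.com', 'metrics.example.com'];
$fakeDns  = ['partner.example.com' => ['203.0.113.10'], 'metrics.example.com' => ['10.0.0.25']];
$resolver = fn(string $h): array => $fakeDns[$h] ?? systemResolver($h);

$samples = [
    'https://partner.example.com/export?id=7',  // accepted: allowlisted, public address
    'http://metrics.example.com/',             // rejected: allowlisted name resolves to 10.0.0.25
    'http://127.0.0.1/',                       // rejected: not on the allowlist
    'file:///etc/passwd',                      // rejected: scheme
    'https://user:pw@partner.example.com/',    // rejected: embedded credentials
    '/relative/path',                          // rejected: no host
];
foreach ($samples as $url) {
    try {
        echo "ALLOW  $url -> " . implode(',', validateOutboundUrl($url, $allowedHosts, $resolver)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "REJECT $url (" . $e->getMessage() . ")\n";
    }
}
```

The allowlist is the primary control; the address check behind it is there for the case where an allowlisted name is repointed at an internal address, and the pinned `CURLOPT_RESOLVE` entry makes sure the fetch uses the address that was actually checked. Disabling redirects matters because a 3xx from an allowed host can otherwise steer the server anywhere. Running the script exercises only the validator with the fake resolver; `fetchValidated` requires the curl extension and network access.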
It is recommended to install the patch f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476 to resolve the Server-Side Request Forgery (SSRF) vulnerability in the API module of the CRM system. Due to the lack of information about affected and corrected versions, it is advised to apply the patch as soon as possible. Consult the provided references for more details about the vulnerability and the patch.
CVE-2026-4623 is a HIGH severity SSRF vulnerability affecting the Jeson-Customer-Relationship-Management-System API Module, allowing attackers to manipulate internal requests.
If you are using Jeson-Customer-Relationship-Management-System API Module up to commit 1b4679c4d06b90d31dd521c2b000bfdec5a36e00, you are potentially affected.
Apply the patch f76e7123f. Consider WAF rules and network restrictions as interim mitigations.
The vulnerability has been publicly disclosed and is potentially being exploited, given its ease of exploitation.
Refer to the Jeson-Customer-Relationship-Management-System documentation and release notes for the latest advisory regarding this vulnerability.