CVE-2022-3718124.08.2022, 17:1572crm 9.0 has an Arbitrary file upload vulnerability.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 53%VendorProductVersion72crmwukong_crm9.0𝑥= Vulnerable software versionsKnown Exploits!https://github.com/72wukong/72crm-9.0-PHP/issues/35https://github.com/72wukong/72crm-9.0-PHP/issues/35Common Weakness EnumerationCWE-434 - Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.Referenceshttps://github.com/72wukong/72crm-9.0-PHP/issues/35https://github.com/72wukong/72crm-9.0-PHP/issues/35