No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sun, 19 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.java of the component Third Party Edit Endpoint. Executing a manipulation of the argument appSecret can lead to server-side request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |
| Title | 1Panel-dev CordysCRM Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc server-side request forgery | |
| First Time appeared |
1panel-dev
1panel-dev cordyscrm |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:1panel-dev:cordyscrm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
1panel-dev
1panel-dev cordyscrm |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-19T07:15:09.159Z
Reserved: 2026-07-18T12:11:12.780Z
Link: CVE-2026-16223
No data.
No data.
No data.
OpenCVE Enrichment
No data.