Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 19 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.java of the component Third Party Edit Endpoint. Executing a manipulation of the argument appSecret can lead to server-side request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |
| Title | 1Panel-dev CordysCRM Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc server-side request forgery | |
| First Time appeared |
1panel-dev
1panel-dev cordyscrm |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:1panel-dev:cordyscrm:*:*:*:*:*:*:*:* | |
| Vendors & Products |
1panel-dev
1panel-dev cordyscrm |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-19T07:15:09.159Z
Reserved: 2026-07-18T12:11:12.780Z
Link: CVE-2026-16223
No data.
No data.
No data.
OpenCVE Enrichment
No data.