Vulnerabilities > Crmeb

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-36837 SQL Injection vulnerability in Crmeb 5.2.2
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
network
low complexity
crmeb CWE-89
7.5
2023-06-14 CVE-2023-3233 Server-Side Request Forgery (SSRF) vulnerability in Crmeb
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0.
network
low complexity
crmeb CWE-918
8.8
2023-06-14 CVE-2023-3234 Deserialization of Untrusted Data vulnerability in Crmeb
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0.
network
low complexity
crmeb CWE-502
critical
9.8
2023-06-14 CVE-2023-3232 Deserialization of Untrusted Data vulnerability in Crmeb
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical.
network
low complexity
crmeb CWE-502
critical
9.8
2023-05-08 CVE-2023-30185 Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.4.2/4.4.4/4.6.0
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
network
low complexity
crmeb CWE-434
critical
9.8
2023-04-29 CVE-2023-2419 Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.6.0
A vulnerability was found in Zhong Bang CRMEB 4.6.0.
network
low complexity
crmeb CWE-434
7.2
2023-03-23 CVE-2023-1608 SQL Injection vulnerability in Crmeb Java 1.3.4
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4.
network
low complexity
crmeb CWE-89
critical
9.8
2023-03-23 CVE-2023-1609 Cross-site Scripting vulnerability in Crmeb Java 1.3.4
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4.
network
low complexity
crmeb CWE-79
5.4
2023-03-07 CVE-2023-25223 SQL Injection vulnerability in Crmeb
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.
network
low complexity
crmeb CWE-89
7.2
2023-03-03 CVE-2023-1165 SQL Injection vulnerability in Crmeb 1.3.4
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4.
network
low complexity
crmeb CWE-89
7.2