Vulnerabilities > Crmeb

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-11-15 | CVE-2024-50653 | Unspecified vulnerability in Crmeb | CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. | network | low | crmeb | | 7.5 |
| 2024-06-05 | CVE-2024-36837 | SQL Injection vulnerability in Crmeb 5.2.2 | SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | network | low | crmeb | CWE-89 | 7.5 |
| 2023-06-14 | CVE-2023-3233 | Server-Side Request Forgery (SSRF) vulnerability in Crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. | network | low | crmeb | CWE-918 | 8.8 |
| 2023-06-14 | CVE-2023-3234 | Deserialization of Untrusted Data vulnerability in Crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. | network | low | crmeb | CWE-502 | critical 9.8 |
| 2023-06-14 | CVE-2023-3232 | Deserialization of Untrusted Data vulnerability in Crmeb | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. | network | low | crmeb | CWE-502 | critical 9.8 |
| 2023-05-08 | CVE-2023-30185 | Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | network | low | crmeb | CWE-434 | critical 9.8 |
| 2023-04-29 | CVE-2023-2419 | Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.6.0 | A vulnerability was found in Zhong Bang CRMEB 4.6.0. | network | low | crmeb | CWE-434 | 7.2 |
| 2023-03-23 | CVE-2023-1608 | SQL Injection vulnerability in Crmeb Java 1.3.4 | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. | network | low | crmeb | CWE-89 | critical 9.8 |
| 2023-03-23 | CVE-2023-1609 | Cross-site Scripting vulnerability in Crmeb Java 1.3.4 | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. | network | low | crmeb | CWE-79 | 5.4 |
| 2023-03-07 | CVE-2023-25223 | SQL Injection vulnerability in Crmeb Java 1.3.4 | CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | network | low | crmeb | CWE-89 | 7.2 |