Vulnerabilities > Crmeb > Crmeb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-3233 | Server-Side Request Forgery (SSRF) vulnerability in Crmeb A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. | 8.8 |
| 2023-06-14 | CVE-2023-3234 | Deserialization of Untrusted Data vulnerability in Crmeb A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. | 9.8 |
| 2023-06-14 | CVE-2023-3232 | Deserialization of Untrusted Data vulnerability in Crmeb A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. | 9.8 |
| 2023-05-08 | CVE-2023-30185 | Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.4.2/4.4.4/4.6.0 CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | 9.8 |
| 2023-04-29 | CVE-2023-2419 | Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.6.0 A vulnerability was found in Zhong Bang CRMEB 4.6.0. | 7.2 |
| 2023-03-07 | CVE-2023-25223 | SQL Injection vulnerability in Crmeb CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | 7.2 |
| 2023-03-03 | CVE-2023-1165 | SQL Injection vulnerability in Crmeb 1.3.4 A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. | 7.2 |
| 2023-02-06 | CVE-2022-44343 | Files or Directories Accessible to External Parties vulnerability in Crmeb 4.4.4 CRMEB 4.4.4 is vulnerable to Any File download. | 7.5 |
| 2021-06-29 | CVE-2020-21394 | SQL Injection vulnerability in Crmeb 2.60/3.1 SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. | 6.5 |
| 2021-06-24 | CVE-2020-21787 | Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 3.1.0+ CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | 10.0 |