Vulnerabilities > Crmeb

DATE CVE VULNERABILITY TITLE RISK
2023-02-06 CVE-2022-44343 Files or Directories Accessible to External Parties vulnerability in Crmeb 4.4.4
CRMEB 4.4.4 is vulnerable to Any File download.
network
low complexity
crmeb CWE-552
7.5
2021-06-29 CVE-2020-21394 SQL Injection vulnerability in Crmeb 2.60/3.1
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.
network
low complexity
crmeb CWE-89
6.5
2021-06-24 CVE-2020-21787 Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 3.1.0+
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
network
low complexity
crmeb CWE-434
critical
10.0
2021-06-24 CVE-2020-21788 Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.1.0+
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery).
network
low complexity
crmeb CWE-918
4.0
2020-10-23 CVE-2020-25466 Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.0
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
network
low complexity
crmeb CWE-918
7.5