Vulnerabilities > Crmeb

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-06	CVE-2022-44343	Files or Directories Accessible to External Parties vulnerability in Crmeb 4.4.4 CRMEB 4.4.4 is vulnerable to Any File download. network low complexity crmeb CWE-552	7.5
2021-06-29	CVE-2020-21394	SQL Injection vulnerability in Crmeb 2.60/3.1 SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. network low complexity crmeb CWE-89	6.5
2021-06-24	CVE-2020-21787	Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 3.1.0+ CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. network low complexity crmeb CWE-434 critical	10.0
2021-06-24	CVE-2020-21788	Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.1.0+ In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). network low complexity crmeb CWE-918	4.0
2020-10-23	CVE-2020-25466	Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.0 A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. network low complexity crmeb CWE-918	7.5

Vulnerabilities > Crmeb {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Crmeb"}]}