Vulnerabilities > Crmeb > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-3234 Deserialization of Untrusted Data vulnerability in Crmeb
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0.
network
low complexity
crmeb CWE-502
critical
 9.8
9.8
2023-06-14 CVE-2023-3232 Deserialization of Untrusted Data vulnerability in Crmeb
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical.
network
low complexity
crmeb CWE-502
critical
 9.8
9.8
2023-05-08 CVE-2023-30185 Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 4.4.2/4.4.4/4.6.0
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
network
low complexity
crmeb CWE-434
critical
 9.8
9.8
2023-03-23 CVE-2023-1608 SQL Injection vulnerability in Crmeb Java 1.3.4
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4.
network
low complexity
crmeb CWE-89
critical
 9.8
9.8
2021-06-24 CVE-2020-21787 Unrestricted Upload of File with Dangerous Type vulnerability in Crmeb 3.1.0+
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
network
low complexity
crmeb CWE-434
critical
 10.0
10