Crmeb

Crmeb

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-10389

  • EPSS 0.11%
  • Veröffentlicht 14.09.2025 04:15:39
  • Zuletzt bearbeitet 14.10.2025 19:32:08

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results ...

9.8

CVE-2025-25763

  • EPSS 0.08%
  • Veröffentlicht 06.03.2025 21:15:15
  • Zuletzt bearbeitet 07.07.2025 18:20:03

crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php

7.5

CVE-2024-52726

  • EPSS 26.32%
  • Veröffentlicht 22.11.2024 19:15:07
  • Zuletzt bearbeitet 07.07.2025 18:06:25

CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information

7.5

CVE-2024-50653

Exploit
  • EPSS 0.11%
  • Veröffentlicht 15.11.2024 17:15:20
  • Zuletzt bearbeitet 13.03.2025 16:15:24

CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited co...

7.5

CVE-2024-6944

  • EPSS 24.93%
  • Veröffentlicht 21.07.2024 08:15:06
  • Zuletzt bearbeitet 03.01.2025 19:11:23

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The att...

8.8

CVE-2024-6943

  • EPSS 0.05%
  • Veröffentlicht 21.07.2024 07:15:06
  • Zuletzt bearbeitet 03.01.2025 19:11:26

A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to dese...

7.5

CVE-2024-36837

  • EPSS 91.67%
  • Veröffentlicht 05.06.2024 15:15:11
  • Zuletzt bearbeitet 21.11.2024 09:22:41

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.

8.1

CVE-2024-1704

Exploit
  • EPSS 0.07%
  • Veröffentlicht 21.02.2024 18:15:50
  • Zuletzt bearbeitet 03.01.2025 19:11:28

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed ...

5.3

CVE-2024-1703

Exploit
  • EPSS 0.37%
  • Veröffentlicht 21.02.2024 17:15:08
  • Zuletzt bearbeitet 03.01.2025 19:11:33

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disc...

9.8

CVE-2023-3234

Exploit
  • EPSS 0.1%
  • Veröffentlicht 14.06.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:16:45

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. Th...