VYPR

CRMEB Java

by Crmeb

CVEs (3)

  • CVE-2025-2365MedMar 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely.…

  • CVE-2023-1165MedMar 3, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the…

  • CVE-2024-33117MedMay 6, 2024
    risk 0.34cvss 5.3epss 0.00

    crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.