VYPR

Crmeb

by Crmeb

Source repositories

CVEs (29)

  • CVE-2026-1202HigJan 20, 2026
    risk 0.47cvss 7.3epss 0.01

    A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to…

  • CVE-2025-11288MedOct 5, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cate_id results in sql injection. Remote exploitation of the…

  • CVE-2025-10391MedSep 14, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the…

  • CVE-2026-1203MedJan 20, 2026
    risk 0.36cvss 5.6epss 0.01

    A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication.…

  • CVE-2025-11290MedOct 5, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack…

  • CVE-2025-10390MedSep 14, 2025
    risk 0.35cvss 5.4epss 0.00

    A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The…

  • CVE-2025-10389MedSep 14, 2025
    risk 0.35cvss 5.4epss 0.00

    A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization.…

  • CVE-2025-15443MedJan 4, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such manipulation of the argument cate_id leads to sql injection. The attack may be launched remotely. The exploit is publicly available…

  • CVE-2025-15442MedJan 4, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. This manipulation of the argument cate_id causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed…

  • CVE-2026-1733MedFeb 1, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The…

  • CVE-2024-36837Jun 5, 2024
    risk 0.07cvss epss 0.08

    SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.

  • CVE-2024-52726Nov 22, 2024
    risk 0.03cvss epss 0.02

    CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information

  • CVE-2024-6944Jul 21, 2024
    risk 0.02cvss epss 0.04

    A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely.…

  • CVE-2026-1734Feb 1, 2026
    risk 0.00cvss epss 0.00

    A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be…

  • CVE-2025-25763Mar 6, 2025
    risk 0.00cvss epss 0.01

    crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php

  • CVE-2024-50653Nov 15, 2024
    risk 0.00cvss epss 0.01

    CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once by capturing packets and sending a large number of data packets for coupon collection, achieving unlimited coupon collection.

  • CVE-2024-6943Jul 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to deserialization. The attack can…

  • CVE-2024-1704Feb 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be…

  • CVE-2024-1703Feb 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may…

  • CVE-2023-3234Jun 14, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched…

Page 1 of 2