VYPR

Crmeb

by Crmeb

CVEs (29)

  • CVE-2023-3233 (Jun 14, 2023)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack…

  • CVE-2023-3232 (Jun 14, 2023)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the…

  • CVE-2023-30185 (May 8, 2023)
    risk 0.00 cvss epss 0.01

    CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.

  • CVE-2023-2419 (Apr 29, 2023)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to…

  • CVE-2023-25223 (Mar 7, 2023)
    risk 0.00 cvss epss 0.01

    CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.

  • CVE-2022-44343 (Feb 6, 2023)
    risk 0.00 cvss epss 0.01

    CRMEB 4.4.4 is vulnerable to Any File download.

  • CVE-2020-21787 (Jun 24, 2021)
    risk 0.00 cvss epss 0.02

    CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

  • CVE-2020-21788 (Jun 24, 2021)
    risk 0.00 cvss epss 0.01

    In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

  • CVE-2020-25466 (Oct 23, 2020)
    risk 0.00 cvss epss 0.03

    An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
