Crmeb
by Crmeb
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3233 | | | 0.00 | — | 0.01 | | Jun 14, 2023 | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_base64 of the file api/controller/v1/PublicController.php. The manipulation leads to server-side request forgery. It is possible to launch the attack… |
| CVE-2023-3232 | | | 0.00 | — | 0.01 | | Jun 14, 2023 | A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the… |
| CVE-2023-30185 | | | 0.00 | — | 0.01 | | May 8, 2023 | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. |
| CVE-2023-2419 | | | 0.00 | — | 0.01 | | Apr 29, 2023 | A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to… |
| CVE-2023-25223 | | | 0.00 | — | 0.01 | | Mar 7, 2023 | CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. |
| CVE-2022-44343 | | | 0.00 | — | 0.01 | | Feb 6, 2023 | CRMEB 4.4.4 is vulnerable to Any File download. |
| CVE-2020-21787 | | | 0.00 | — | 0.02 | | Jun 24, 2021 | CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. |
| CVE-2020-21788 | | | 0.00 | — | 0.01 | | Jun 24, 2021 | In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php. |
| CVE-2020-25466 | | | 0.00 | — | 0.03 | | Oct 23, 2020 | A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. |