VYPR

Crmeb Java

by Crmeb

Source repositories

CVEs (10)

  • CVE-2024-25469HigFeb 23, 2024
    risk 0.49cvss 7.5epss 0.01

    SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.

  • CVE-2026-10771HigJun 3, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in…

  • CVE-2023-25223HigMar 7, 2023
    risk 0.47cvss 7.2epss 0.01

    CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.

  • CVE-2024-28714HigMar 28, 2024
    risk 0.46cvss 8.1epss 0.01

    SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.

  • CVE-2024-24110MedMar 21, 2024
    risk 0.42cvss 6.5epss 0.01

    SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.

  • CVE-2025-2365MedMar 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely.…

  • CVE-2023-1608MedMar 23, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be…

  • CVE-2023-1165MedMar 3, 2023
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the…

  • CVE-2024-33117MedMay 6, 2024
    risk 0.34cvss 5.3epss 0.00

    crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.

  • CVE-2023-1609LowMar 23, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has…