Crmeb Java
by Crmeb
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10771 | | High | 0.47 | 7.3 | — | | Jun 3, 2026 | A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in… |
| CVE-2025-2365 | | Med | 0.41 | 6.3 | 0.00 | | Mar 17, 2025 | A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely.… |
| CVE-2024-33117 | | | 0.00 | — | 0.00 | | May 6, 2024 | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. |
| CVE-2024-28714 | | | 0.00 | — | 0.00 | | Mar 28, 2024 | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. |
| CVE-2024-24110 | | | 0.00 | — | 0.00 | | Feb 29, 2024 | SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. |
| CVE-2024-25469 | | | 0.00 | — | 0.00 | | Feb 23, 2024 | SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. |
| CVE-2023-1609 | | | 0.00 | — | 0.00 | | Mar 23, 2023 | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has… |
| CVE-2023-1608 | | | 0.00 | — | 0.00 | | Mar 23, 2023 | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be… |
| CVE-2023-25223 | | | 0.00 | — | 0.01 | | Mar 7, 2023 | CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. |
| CVE-2023-1165 | | | 0.00 | — | 0.00 | | Mar 3, 2023 | A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the… |