Crmeb
CVE-2024-52726
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information
AnalysisAI
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information Affected products include: Crmeb.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated critical severity (CVSS 9.8), this vulnerability is rem
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. Rated critical severity (CVSS 9.8)
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotel
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. Rated high severity (CVSS 8.1), this vulnerability is no authent
CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProduct
A vulnerability was found in Zhong Bang CRMEB 4.6.0. Rated high severity (CVSS 7.2), this vulnerability is remotely expl
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\System
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php.
Missing authorization in CRMEB crontab endpoints (versions up to 5.6.3) allows unauthenticated remote attackers to manip
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today