Skip to main content

Crmeb Java

7 CVEs product

Monthly

CVE-2024-33117 MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-28714 HIGH POC This Week

SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Crmeb Java
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-24110 MEDIUM POC This Month

SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25469 HIGH POC This Week

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1609 MEDIUM POC This Month

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Crmeb Java
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1608 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb Java
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25223 HIGH POC This Week

CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
EPSS 0% CVSS 5.3
MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Crmeb Java
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Crmeb Java
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb Java
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy