CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-1608

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.8%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://github.com/crmeb/crmeb_java/issues/11
https://vuldb.com/?ctiid.223738
https://vuldb.com/?id.223738
https://github.com/crmeb/crmeb_java/issues/11
https://vuldb.com/?ctiid.223738
https://vuldb.com/?id.223738

Products affected by CVE-2023-1608

Crmeb » Crmeb Java » Version: N/A

cpe:2.3:a:crmeb:crmeb_java:-
Crmeb » Crmeb Java » Version: 1.3.4

cpe:2.3:a:crmeb:crmeb_java:1.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1608

Products

Pricing

Contact Us