A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-04-29
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-03-03
CRMEB 4.4.4 is vulnerable to Any File download.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-06
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-06-29
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-06-24
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-06-24
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.013
Published
2020-10-23
Page 2