26 matches found

EUVD
added 19 hours ago · 3 views

EUVD-2026-34182

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5 CVSS · 5.5 AI score
Exploits 0 · References 7
Cvelist
added yesterday · 20 views

CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5 CVSS
Exploits 0 · References 6
CVE
added yesterday · 8 views

CVE-2026-10771

CVE-2026-10771 affects crmeb_crmeb_java 1.4. The vulnerability targets the function RestTemplate.getForEntity in the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. Manipulating the argument url results in a server-side request...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 6
Vulnrichment
added yesterday · 2 views

CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5 CVSS · 5.5 AI score
Exploits 0 · References 6
ATTACKERKB
added yesterday · 3 views

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added yesterday · 5 views

PT-2026-46067

Name of the Vulnerable Software and Affected Versions crmeb crmeb java version 1.4 Description An issue exists in the base64 Qrcode Endpoint where the manipulation of the url argument in the RestTemplate.getForEntity function within the file...

7.5 CVSS · 7 AI score
Exploits 0 · References 8
NVD
added 2026/05/03 2:17 a.m. · 5 views

CVE-2026-7673

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8 CVSS · 0.00043 EPSS
Exploits 0 · References 4
Cvelist
added 2026/05/03 1:15 a.m. · 37 views

CVE-2026-7673 crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8 CVSS · 0.00043 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/05/03 1:15 a.m. · 1 view

CVE-2026-7673

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8 CVSS · 5.5 AI score · 0.00043 EPSS
Exploits 0 · References 4
CVE
added 2026/05/03 1:15 a.m. · 7 views

CVE-2026-7673

CVE-2026-7673 affects crmeb_java up to v1.3.4, targeting the Admin Upload path: crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java. The vulnerability arises from manipulation of the argument model, resulting in unrestricted file upload. Remote exploitation is p...

5.8 CVSS · 5.5 AI score · 0.00043 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/05/03 1:15 a.m. · 1 view

CVE-2026-7673 crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8 CVSS · 5.5 AI score · 0.00043 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-23840

Malicious code in bioql PyPI...

9.8 CVSS · 7 AI score · 0.00271 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/05/23 10:4 a.m. · 4 views

CVE-2024-28714

SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...

8.1 CVSS · 8.8 AI score · 0.00219 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 3:0 a.m. · 3 views

CVE-2023-1608

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. T...

9.8 CVSS · 7.7 AI score · 0.00271 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 2:58 a.m. · 1 view

CVE-2023-1165

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used...

7.2 CVSS · 7.6 AI score · 0.00426 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/03/19 7:20 a.m. · 7 views

CVE-2025-2365

A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...

6.5 CVSS · 6.9 AI score · 0.00281 EPSS
Exploits 0 · References 1
Cvelist
added 2025/03/17 6:31 a.m. · 8 views

CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference

A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...

6.5 CVSS · 0.00281 EPSS
Exploits 0 · References 4
CNNVD
added 2025/03/17 12:0 a.m. · 2 views

crmeb_java code issue vulnerability

crmebjava is a CRMEB open source Java mall system. A code issue vulnerability exists in crmebjava 1.3.4 and prior versions, which originates from an XML external entity reference and could allow a remote attacker to access sensitive information...

6.5 CVSS · 6.6 AI score · 0.00281 EPSS
Exploits 0 · References 5
CNNVD
added 2024/05/06 12:0 a.m. · 1 view

crmeb security vulnerability

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in crmebjava v1.3.4, which was discovered via the mergeList method of the com.zbkj.front.pub.ImageMergeController class to contain a server-side reques...

5.3 CVSS · 6.9 AI score · 0.00103 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/06 12:0 a.m. · 2 views

PT-2024-25119 · Unknown · Crmeb Java

Name of the Vulnerable Software and Affected Versions: crmeb java version 1.3.4 Description: The issue is related to a Server-Side Request Forgery SSRF in the mergeList method of the ImageMergeController class. This allows for potential exploitation. No information is provided about the estimated...

5.3 CVSS · 6.3 AI score · 0.00103 EPSS
Exploits 0 · References 8