CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
PT-2024-22534 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: CRMEB Java e-commerce system version 1.3.4
Description: The issue allows an attacker to execute arbitrary code via the groupid parameter, potentially leading to unauthorized access and data manipulation.
Recommendations: For CRMEB Java...
PT-2024-20275 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: crmeb java versions prior to 1.3.4
Description: The issue allows attackers to execute arbitrary SQL commands by sending a crafted GET request to the "api/front/spread/people" endpoint. This enables attackers to manipulate the database,...
PT-2024-20962 · Crmeb · Crmeb
Name of the Vulnerable Software and Affected Versions: CRMEB crmeb java versions 1.3.4 and earlier
Description: The issue allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the "api/front/store/list" component. This enables the attacker to exploi...
SQL injection
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to SQL injection. The attack can be initiated remotely. T...
CVE-2023-1608
CVE-2023-1608 affects Zhong Bang CRMEB Java up to version 1.3.4. The vulnerability lies in the getAdminList function of /api/admin/store/product/list, where improper handling of the cateId parameter enables SQL injection. This can be exploited remotely; the exploit has been disclosed publicly per...