CVE-2026-1734

A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...

PT-2026-3525

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

CVE-2023-25223

CRMEB =1.3.4 is vulnerable to SQL Injection via /api/admin/user/list...

CVE-2025-15443

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

EUVD-2026-0778

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVE-2025-15442

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-15442

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

EUVD-2026-0776

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

CRMEB SQL注入漏洞

CRMEB is a Java mall system of CRMEB open source. A SQL injection vulnerability exists in CRMEB 5.6.1 and earlier versions, which originates from the incorrect operation of the parameter cateid in the file /adminapi/product/productexport, which could lead to a SQL injection attack...

EUVD-2020-14555

Malware in sbrugna...

EUVD-2020-14556

Malware in sbrugna...

CVE-2025-11288

A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cateid results in sql injection. Remote exploitation of the attack is possible...

CVE-2025-11288

The CRMEB CVE-2025-11288 issue affects CRMEB versions up to 5.6 (and is described as affecting versions prior to 5.7 by PT-Security) in GET Parameter Handler for /adminapi/product/product. Manipulation of the cate_id argument enables SQL injection with remote exploitation possible and an exploit ...

EUVD-2023-34610

Malicious code in bioql PyPI...

EUVD-2025-29111

Malicious code in bioql PyPI...

EUVD-2024-44989

Malicious code in bioql PyPI...

CVE-2025-10391

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

CVE-2025-10391

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

CVE-2025-10390

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made...

CVE-2025-10390

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made...