
6 matches found

OSV
added 2026/01/04 12:15 p.m. | 5 views

CVE-2025-15443

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVSS 7.2 | AI score 7.2
Exploits 0 | References 5

Positive Technologies
added 2025/10/05 12:0 a.m. | 3 views

PT-2025-40801

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.7. Description: A security flaw exists in CRMEB that allows for SQL injection. The issue is related to the processing of the cate id argument within the GET Parameter Handler component, specifically in the file...

CVSS 8.8 | AI score 6.6 | EPSS 0.00041
Exploits 0 | References 7

RedhatCVE
added 2025/09/16 4:32 a.m. | 2 views

CVE-2025-10390

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made...

CVSS 5.5 | AI score 6.5 | EPSS 0.00184
Exploits 0 | References 1

CNVD
added 2025/09/16 12:0 a.m. | 2 views

CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.

CRMEB is a Java mall system. CRMEB 5.6.1 and previous versions have a server-side request forgery vulnerability. The vulnerability stems from the fact that the parameter pushtokenurl in the file app/services/out/OutAccountServices.php does not implement a sufficient authentication mechanism to confirm the source of the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00091
Exploits 0 | References 1

OSV
added 2025/09/14 5:15 a.m. | 1 views

CVE-2025-10391

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

CVSS 8.8 | AI score 6.6
Exploits 0 | References 4

OSV
added 2021/06/24 3:15 p.m. | 1 views

CVE-2020-21787

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1