Lucene search
K

4 matches found

OSV
OSV
added 2026/01/04 11:32 a.m.7 views

CVE-2025-15443 CRMEB product_export sql injection

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

5.1CVSS5.8AI score0.00329EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/10/05 12:0 a.m.5 views

PT-2025-40801

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.7 Description A security flaw exists in CRMEB that allows for SQL injection. The issue is related to the processing of the cate id argument within the GET Parameter Handler component, specifically in the file...

8.8CVSS6.6AI score0.00306EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/16 4:32 a.m.8 views

CVE-2025-10390

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made...

5.5CVSS6.5AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/16 12:0 a.m.3 views

CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.

CRMEB is a Java mall system . CRMEB 5.6.1 and previous versions of server-side request forgery vulnerability , the vulnerability stems from the file app/services/out/OutAccountServices.php parameter pushtokenurl does not implement a sufficient authentication mechanism to confirm the source of the...

8.8CVSS6.7AI score0.00297EPSS
Exploits0References1
Rows per page
Query Builder