4 matches found
CVE-2025-15443 CRMEB product_export sql injection
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...
PT-2025-40801
Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.7 Description A security flaw exists in CRMEB that allows for SQL injection. The issue is related to the processing of the cate id argument within the GET Parameter Handler component, specifically in the file...
CVE-2025-10390
A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made...
CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.
CRMEB is a Java mall system . CRMEB 5.6.1 and previous versions of server-side request forgery vulnerability , the vulnerability stems from the file app/services/out/OutAccountServices.php parameter pushtokenurl does not implement a sufficient authentication mechanism to confirm the source of the...