3 matches found
CVE-2024-36837
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file...
Path traversal
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier o...
CVE-2024-1704
CVE-2024-1704 affects ZhongBangKeJi CRMEB 5.2.2. A vulnerability in the function save/delete of the file "/adminapi/system/crud" allows path traversal. The exploit status is not elaborated in detail in the provided documents, but multiple sources reference a critical issue with this endpoint and ...