25 matches found
CVE-2026-10771
A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...
CVE-2026-7673
A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...
EUVD-2026-26807
A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...
crmeb_java Access Control Error Vulnerability
crmebjava is an open-source e-commerce system developed by CRMEB. Versions of crmebjava 1.3.4 and earlier contained an access control vulnerability. This vulnerability stemmed from unknown code in the Admin Upload component, specifically in the...
EUVD-2025-6464
Malicious code in bioql PyPI...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
CVE-2024-33117
crmebjava v1.3.4 was discovered to contain a Server-Side Request Forgery SSRF via the mergeList method in class com.zbkj.front.pub.ImageMergeController...
CVE-2025-2365
A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...
CVE-2025-2365 crmeb_java WeChatMessageController.java webHook xml external entity reference
A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...
CVE-2025-2365
CVE-2025-2365 affects crmeb_java up to 1.3.4. The vulnerability resides in the WebHook function of WeChatMessageController.java, where an XML External Entity (XXE) reference can be introduced. The issue allows remote exploitation and has been publicly disclosed. CVSS metrics across sources indica...
CVE-2024-33117
crmebjava v1.3.4 was discovered to contain a Server-Side Request Forgery SSRF via the mergeList method in class com.zbkj.front.pub.ImageMergeController...
CVE-2024-33117
CVE-2024-33117 affects crmeb_java v1.3.4, with a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Documents indicate the issue exists in this component and provide a practical remediation: temporarily disable the mergeList method and ...
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
CVE-2024-28714
CVE-2024-28714 is a SQL Injection vulnerability in the CRMEB_Java e-commerce system version 1.3.4. The issue allows an attacker to cause arbitrary code execution via the groupid parameter. The Red Hat/OSV/NVD and related entries confirm the vulnerability description, but none of the provided docu...
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
SQL injection
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...