Lucene search

K
CrmebCrmeb Java

9 matches found

CVE
CVE
added 2024/02/23 11:15 p.m.4487 views

CVE-2024-25469

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.

7.5CVSS7.4AI score0.00045EPSS
CVE
CVE
added 2023/03/03 8:15 a.m.87 views

CVE-2023-1165

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. ...

7.2CVSS6.5AI score0.00058EPSS
CVE
CVE
added 2023/03/23 8:15 p.m.86 views

CVE-2023-1609

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to t...

5.4CVSS4.4AI score0.00064EPSS
CVE
CVE
added 2023/03/23 8:15 p.m.75 views

CVE-2023-1608

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS8.2AI score0.00048EPSS
CVE
CVE
added 2023/03/07 5:15 p.m.68 views

CVE-2023-25223

CRMEB

7.2CVSS7.4AI score0.0024EPSS
CVE
CVE
added 2024/03/28 11:15 p.m.55 views

CVE-2024-28714

SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.

8.1CVSS8.7AI score0.00163EPSS
CVE
CVE
added 2024/03/21 2:52 a.m.54 views

CVE-2024-24110

SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.

6.5CVSS8.2AI score0.00362EPSS
CVE
CVE
added 2025/03/17 7:15 a.m.51 views

CVE-2025-2365

A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been...

6.5CVSS6.9AI score0.00108EPSS
CVE
CVE
added 2024/05/06 8:15 p.m.39 views

CVE-2024-33117

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.

5.3CVSS7.3AI score0.00103EPSS