Crmeb Java

crmeb_java

Vendor: Crmeb • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-33117 1Crmeb 1Crmeb Java Jun 11, 2025 May 6, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
CVE-2024-28714 1Crmeb 1Crmeb Java Jun 10, 2025 Mar 28, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.
CVE-2024-24110 1Crmeb 1Crmeb Java Jun 10, 2025 Mar 21, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.
CVE-2024-25469 1Crmeb 1Crmeb Java Apr 25, 2025 Feb 23, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVE-2023-1609 1Crmeb 1Crmeb Java Nov 21, 2024 Mar 23, 2023 N/A· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scrip...Show more A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223739.Show less
CVE-2023-1608 1Crmeb 1Crmeb Java Nov 21, 2024 Mar 23, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the ar...Show more A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.Show less
CVE-2023-25223 1Crmeb 1Crmeb Java Mar 5, 2025 Mar 7, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.