📦 Crmeb
by Crmeb
⚠️ Known Vulnerabilities
CVE-2025-25763 is a SQL injection vulnerability in crmeb CRMEB-KY software that allows attackers to execute arbitrary SQL commands through the getRead() function in SystemDatabackupServices.php. This ...
CRMEB versions 3.1.0+ contain an unrestricted file upload vulnerability in the UploadService.php component that allows attackers to upload malicious files and execute arbitrary code on the server. Thi...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in CRMEB 3.0's downloadimage interface that allows attackers to download arbitrary files from the server and potentially execute r...
This vulnerability allows remote attackers to bypass authentication in CRMEB systems by manipulating the openId parameter in the appleLogin function. Attackers can gain unauthorized access without val...
This SQL injection vulnerability in CRMEB v5.2.2 allows remote attackers to execute arbitrary SQL commands through the getProductList function. Attackers can potentially extract sensitive database inf...
This vulnerability allows unauthorized remote access to the crontab endpoint in Zhong Bang CRMEB versions up to 5.6.3. Attackers can exploit this missing authorization flaw to potentially execute unau...
This CVE describes an improper authorization vulnerability in Zhong Bang CRMEB's store integration API endpoint. Attackers can manipulate the order_id parameter to access unauthorized order details re...
This vulnerability allows attackers to bypass authentication in CRMEB systems by manipulating the uid parameter in the remoteRegister function. It affects CRMEB versions up to 5.6.3, potentially allow...
This SQL injection vulnerability in CRMEB allows attackers to manipulate database queries through the cate_id parameter in the product export endpoint. It affects CRMEB installations up to version 5.6...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in CRMEB versions up to 5.6.1. Attackers can manipulate the push_token_url parameter in the testOutUrl function to make the server...
CRMEB versions up to 5.6.1 contain an improper authorization vulnerability in the editAddress function that allows attackers to manipulate address IDs. This enables unauthorized modification of user a...
This vulnerability in CRMEB allows attackers to manipulate administrator password reset functionality to gain unauthorized access. It affects CRMEB installations up to version 5.6.1 with the administr...
This critical vulnerability in ZhongBangKeJi CRMEB allows remote attackers to execute arbitrary code through deserialization of untrusted data in the get_image_base64 function. Affected systems includ...
This CVE describes a critical remote code execution vulnerability in ZhongBangKeJi CRMEB e-commerce platform. Attackers can exploit insecure deserialization in the downloadImage function to execute ar...