RSS   Podatności dla 'Crmeb'   RSS

2021-06-29
 
CVE-2020-21394

CWE-89
 
 
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.

 
2021-06-24
 
CVE-2020-21787

CWE-434
 
 
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

 
 
CVE-2020-21788

CWE-918
 
 
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.

 
2020-10-23
 
CVE-2020-25466

CWE-918
 
 
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

 

Copyright 2024, cxsecurity.com

 

Back to Top