Product
crmeb
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-1734 (affected: <= 5.6.3)
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app

CVE-2026-1733 (affected: <= 5.6.3)
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_

CVE-2026-1203 (affected: <= 5.6.3)
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/ser

CVE-2026-1202 (affected: <= 5.6.3)
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/ap

CVE-2025-15443 (affected: <= 5.6.1)
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/prod

CVE-2025-15442 (affected: <= 5.6.1)
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_

CVE-2025-11290 (affected: <= 5.6.1)
A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Su

CVE-2025-11288 (affected: <= 5.6)
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/p

CVE-2025-10391 (affected: <= 5.6.1)
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/s

CVE-2025-10390 (affected: <= 5.6.1)
A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/use

CVE-2025-10389 (affected: <= 5.6.1)
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/Syst

CVE-2025-25763 (affected: all versions)
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php

CVE-2024-52726 (affected: all versions)
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive informa

CVE-2024-50653 (affected: <= 5.4.0)
CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim co

CVE-2024-6944 (affected: <= 5.4.0)
A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function ge

CVE-2024-6943 (affected: <= 5.4.0)
A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is th

CVE-2024-36837 (affected: all versions)
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList funct

CVE-2024-33117 (affected: all versions)
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.

CVE-2024-28714 (affected: < 1.3.4)
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid p

CVE-2024-24110 (affected: < 1.3.4)
SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to

CVE-2024-25469 (affected: all versions)
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via th

CVE-2024-1704 (affected: all versions)
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function

CVE-2024-1703 (affected: all versions)
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile

CVE-2023-3234 (affected: <= 4.6.0)
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is

CVE-2023-3233 (affected: <= 4.6.0)
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been classified as critical. Affected is the function get_image_

CVE-2023-3232 (affected: <= 4.6.0)
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing o

CVE-2023-30185 (affected: >= 4.4.0 and <= 4.6.0)
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachment

CVE-2023-2419 (affected: all versions)
A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function vid

CVE-2023-1609 (affected: <= 1.3.4)
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function

CVE-2023-1608 (affected: <= 1.3.4)
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the f

CVE-2023-25223 (affected: <= 1.3.4)
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.

CVE-2023-1165 (affected: all versions)
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the

CVE-2022-44343 (affected: all versions)
CRMEB 4.4.4 is vulnerable to Any File download.

CVE-2020-21394 (affected: all versions)
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in Syst

CVE-2020-21788 (affected: all versions)
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app

CVE-2020-21787 (affected: all versions)
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

CVE-2020-25466 (affected: all versions)
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server