Crmeb: community verdicts
3 notable / known-exploited Crmeb CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Crmeb CVE, see NVD ↗.
- CVE-2020-25466CRIT 9.8Real · low riskEPSS 3%
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
- CVE-2023-30185CRIT 9.8Real · low riskEPSS 1%
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
- CVE-2024-28714HIGH 8.1Real · low riskEPSS 1%
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.