Every CVE whose affected-product data names Crmeb Crmeb Java, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-28714 — CVSS 8.1 (high): SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.
CVE-2024-25469 — CVSS 7.5 (high): SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the…
CVE-2024-24110 — CVSS 6.5 (medium): SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the…
CVE-2023-1608 — CVSS 6.3 (medium): A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function…
CVE-2024-33117 — CVSS 5.3 (medium): crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageM…
CVE-2023-1609 — CVSS 3.5 (low): A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of…