CRMEB — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in CRMEB, with AI-generated Chinese analysis, references, and POCs.

Vendor: Zhong Bang

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1734 | Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization CWE-862 | 5.3 | Medium | 2026-02-01 |
| CVE-2026-1733 | Zhong Bang CRMEB :uni tidyOrder improper authorization CWE-285 | 4.3 | Medium | 2026-02-01 |
| CVE-2026-1203 | CRMEB JSON Token LoginServices.php remoteRegister improper authentication CWE-287 | 5.6 | Medium | 2026-01-20 |
| CVE-2026-1202 | CRMEB LoginController.php appleLogin improper authentication CWE-287 | 7.3 | High | 2026-01-20 |
| CVE-2025-15443 | CRMEB product_export sql injection CWE-89 | 4.7 | Medium | 2026-01-04 |
| CVE-2025-15442 | CRMEB product_list sql injection CWE-89 | 4.7 | Medium | 2026-01-04 |
| CVE-2025-11290 | CRMEB JWT HMAC Secret hard-coded key CWE-321 | 5.6 | Medium | 2025-10-05 |
| CVE-2025-11288 | CRMEB GET Parameter product sql injection CWE-89 | 6.3 | Medium | 2025-10-05 |
| CVE-2025-10391 | CRMEB OutAccountServices.php testOutUrl server-side request forgery CWE-918 | 6.3 | Medium | 2025-09-14 |
| CVE-2025-10390 | CRMEB UserAddressServices.php editAddress improper authorization CWE-285 | 5.4 | Medium | 2025-09-14 |
| CVE-2025-10389 | CRMEB Administrator Password SystemAdminServices.php save improper authorization CWE-285 | 5.4 | Medium | 2025-09-14 |
| CVE-2024-6944 | ZhongBangKeJi CRMEB PublicController.php get_image_base64 deserialization CWE-502 | 6.3 | Medium | 2024-07-21 |
| CVE-2024-6943 | ZhongBangKeJi CRMEB CopyTaobaoServices.php downloadImage deserialization CWE-502 | 6.3 | Medium | 2024-07-21 |
| CVE-2024-1704 | ZhongBangKeJi CRMEB crud delete path traversal CWE-22 | 5.5 | Medium | 2024-02-21 |
| CVE-2024-1703 | ZhongBangKeJi CRMEB openfile absolute path traversal CWE-36 | 3.5 | Low | 2024-02-21 |
| CVE-2023-3234 | Zhong Bang CRMEB PublicController.php put_image deserialization CWE-502 | 4.3 | Medium | 2023-06-14 |
| CVE-2023-3233 | Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery CWE-918 | 6.3 | Medium | 2023-06-14 |
| CVE-2023-3232 | Zhong Bang CRMEB Image Upload app_auth deserialization CWE-502 | 6.3 | Medium | 2023-06-14 |
| CVE-2023-2419 | Zhong Bang CRMEB SystemAttachmentServices.php videoUpload unrestricted upload CWE-434 | 4.7 | Medium | 2023-04-29 |

All 19 known CVE vulnerabilities affecting CRMEB with full Chinese analysis, references, and POCs where available.