crmeb/crmeb_java

crmeb/crmeb_java

Releases1

Frequency

Last Release over 3 years ago

Stars2.79K

Java商城免费开源 CRMEB商城JAVA版，SpringBoot + Maven + Swagger + Mybatis Plus + Redis + Uniapp +Vue+elementUI 包含移动端、小程序、PC后台、Api接口；有产品、用户、购物车、订单、积分、优惠券、营销、余额、权限、角色、系统设置、组合数据、可拖拉拽的form表单等模块，大量的减少了二开的成本。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-10771 ↗	Jun 3, 2026Wednesday, 3 June 2026, 22:16	7.3 HIGH	7.5 HIGH
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2024-24110 ↗	Mar 21, 2024Thursday, 21 March 2024, 02:52	6.5 MEDIUM	—
SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.
CVE-2024-25469 ↗	Feb 23, 2024Friday, 23 February 2024, 23:15	7.5 HIGH	—
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVE-2023-1608 ↗	Mar 23, 2023Thursday, 23 March 2023, 20:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.
CVE-2023-1609 ↗	Mar 23, 2023Thursday, 23 March 2023, 20:15	3.5 LOW	4 MEDIUM
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223739.
CVE-2023-25223 ↗	Mar 7, 2023Tuesday, 7 March 2023, 17:15	7.2 HIGH	—
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.
CVE-2023-1165 ↗	Mar 3, 2023Friday, 3 March 2023, 08:15	5.5 MEDIUM	5.2 MEDIUM
A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability.