إرسال #800684: crmeb crmeb_java 1.3.4 Unrestricted Uploadالمعلومات

عنوان	crmeb crmeb_java 1.3.4 Unrestricted Upload
الوصف	CRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation, path normalization.
المصدر	⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink
المستخدم	xcxr (UID 86629)
ارسال	09/04/2026 03:40 AM (2 أشهر منذ)
الاعتدال	02/05/2026 10:22 AM (23 days later)
الحالة	تمت الموافقة
إدخال VulDB	360826 [crmeb_java حتى 1.3.4 Admin Upload UploadServiceImpl.java model تجاوز الصلاحيات]
النقاط	17

Want to know what is going to be exploited?

We predict KEV entries!