| Titel | https://www.crmeb.com/ CRMEB_Java E-commerce System 1.3.4 XML External Entity Injection |
|---|
| Beschreibung | There is a xxe external entity injection vulnerability in ZhongBangKeJi CRMEB-Java E-commerce System, which occurs in the webHook function of WeChatMessageController.java files, which can cause security risks such as arbitrary local file reading and detection of intranet information |
|---|
| Quelle | ⚠️ https://github.com/jmx0hxq/Vulnerability-learning/blob/main/crmeb-java-xxe1.md |
|---|
| Benutzer | jmx0hxq (UID 63891) |
|---|
| Einreichung | 03.03.2025 16:25 (vor 1 Jahr) |
|---|
| Moderieren | 16.03.2025 13:14 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 299864 [crmeb_java bis 1.3.4 WeChatMessageController.java webHook XML External Entity] |
|---|
| Punkte | 17 |
|---|