| Titel | crmeb crmeb_java 1.3.4 Unrestricted Upload |
|---|
| Beschreibung | CRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation, path normalization. |
|---|
| Quelle | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink |
|---|
| Benutzer | xcxr (UID 86629) |
|---|
| Einreichung | 09.04.2026 03:40 (vor 2 Monaten) |
|---|
| Moderieren | 02.05.2026 10:22 (23 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 360826 [crmeb_java bis 1.3.4 Admin Upload UploadServiceImpl.java model erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|