| 제목 | crmeb crmeb_java 1.3.4 Unrestricted Upload |
|---|
| 설명 | CRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation, path normalization. |
|---|
| 원천 | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink |
|---|
| 사용자 | xcxr (UID 86629) |
|---|
| 제출 | 2026. 04. 09. AM 03:40 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 02. AM 10:22 (23 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 360826 [crmeb_java 까지 1.3.4 Admin Upload UploadServiceImpl.java model 권한 상승] |
|---|
| 포인트들 | 17 |
|---|