Submit #800684: crmeb crmeb_java 1.3.4 Unrestricted Upload

Title: crmeb crmeb_java 1.3.4 Unrestricted Upload
Description: CRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation or path normalization.
Source: ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink
User: xcxr (UID 86629)
Submission: 09/04/2026 03h40 (2 months ago)
Moderation: 02/05/2026 10h22 (23 days later)
Status: Accepted
VulDB entry: 360826 [crmeb_java up to 1.3.4 Admin Upload UploadServiceImpl.java model privilege escalation]
Points: 17
