| Название | crmeb crmeb_java 1.3.4 Unrestricted Upload |
|---|
| Описание | CRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation, path normalization. |
|---|
| Источник | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink |
|---|
| Пользователь | xcxr (UID 86629) |
|---|
| Представление | 09.04.2026 03:40 (2 месяцы назад) |
|---|
| Модерация | 02.05.2026 10:22 (23 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 360826 [crmeb_java до 1.3.4 Admin Upload UploadServiceImpl.java model эскалация привилегий] |
|---|
| Баллы | 17 |
|---|