| Title | https://www.crmeb.com/ CRMEB_Java E-commerce System 1.3.4 XML External Entity Injection |
|---|
| Description | There is a xxe external entity injection vulnerability in ZhongBangKeJi CRMEB-Java E-commerce System, which occurs in the webHook function of WeChatMessageController.java files, which can cause security risks such as arbitrary local file reading and detection of intranet information |
|---|
| Source | ⚠️ https://github.com/jmx0hxq/Vulnerability-learning/blob/main/crmeb-java-xxe1.md |
|---|
| User | jmx0hxq (UID 63891) |
|---|
| Submission | 03/03/2025 16:25 (1 Year ago) |
|---|
| Moderation | 03/16/2025 13:14 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 299864 [crmeb_java up to 1.3.4 WeChatMessageController.java webHook xml external entity reference] |
|---|
| Points | 17 |
|---|