Submit #800684: crmeb crmeb_java 1.3.4 Unrestricted Uploadinfo

Titlecrmeb crmeb_java 1.3.4 Unrestricted Upload
DescriptionCRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation, path normalization.
Source⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink
User
 xcxr (UID 86629)
Submission04/09/2026 03:40 (3 months ago)
Moderation05/02/2026 10:22 (23 days later)
StatusAccepted
VulDB entry360826 [crmeb_java up to 1.3.4 Admin Upload UploadServiceImpl.java model unrestricted upload]
Points17

Do you want to use VulDB in your project?

Use the official API to access entries easily!