| 标题 | crmeb crmeb_java 1.3.4 Unrestricted Upload |
|---|
| 描述 | CRMEB Java contains an arbitrary file write vulnerability in the admin upload functionality. The model parameter from the upload request is used to construct the final filesystem path without whitelist validation, path normalization. |
|---|
| 来源 | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink |
|---|
| 用户 | xcxr (UID 86629) |
|---|
| 提交 | 2026-04-09 03時40分 (2 月前) |
|---|
| 管理 | 2026-05-02 10時22分 (23 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 360826 [crmeb_java 直到 1.3.4 Admin Upload UploadServiceImpl.java model 权限提升] |
|---|
| 积分 | 17 |
|---|