Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:crmeb:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Crmeb (4e5db466-b525-500f-98e5-6a1db20dbef1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-10391 |
vulnerable | 2026-06-08 07:02:26.792445 |
CRMEB OutAccountServices.php testOutUrl server-side request forgery
MEDIUM (6.3)
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-09-14T05:02:06.676Z
Updated: 2025-09-15T13:31:48.622Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10390 |
vulnerable | 2026-06-08 07:02:26.791930 |
CRMEB UserAddressServices.php editAddress improper authorization
MEDIUM (5.4)
A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-09-14T04:32:05.427Z
Updated: 2025-09-15T13:32:40.989Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10389 |
vulnerable | 2026-06-08 07:02:26.783902 |
CRMEB Administrator Password SystemAdminServices.php save improper authorization
MEDIUM (5.4)
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-09-14T04:02:06.069Z
Updated: 2025-09-15T13:33:17.005Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.