Jiangxiaobaijia

**Name of the Vulnerable Software and Affected Versions** CRMEB Java e-commerce system version 1.3.4 **Description** The issue allows an attacker to execute arbitrary code via the `groupid` parameter, potentially leading to unauthorized access and data manipulation. **Recommendations** For CRMEB Java e-commerce system version 1.3.4, consider restricting access to the `groupid` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.