PT-2026-36672 · Unknown · Crmeb Java
Xcxr
·
Published
2026-05-03
·
Updated
2026-05-03
·
CVE-2026-7673
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:L/Au:M/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
crmeb java versions prior to 1.3.5
Description
An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file
crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java. Manipulation of the model argument allows for remote exploitation, enabling the upload of unrestricted files.Recommendations
Update to a version later than 1.3.4.
As a temporary workaround, restrict access to the Admin Upload component or the
UploadServiceImpl.java functionality to minimize the risk of exploitation.Exploit
Fix
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Crmeb Java