CyberSec.Space Logo
Back to CVE Browser

CVE-2020-21394

HIGH
8.8
CVSS Severity Score
EPSS Score0.0280%
EPSS Percentile27.64th
PublishedJun 29, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.

Affected Platforms (CPE)

📦
Crmeb

Crmeb

= 2.60
📦
Crmeb

Crmeb

= 3.1

References & Advisories

🔗 https://github.com/mumu0215/cve_reference/blob/master/CRMEB_system.md
🔗 https://github.com/mumu0215/cve_reference/blob/master/CRMEB_system.md

Related Vulnerabilities

CVE-2020-254669.8

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server...

CVE-2020-217879.8

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

CVE-2020-217884.3

In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...