FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2023-05-08 | CVE-2023-30185 | critical | ⚡RCE | 50 | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. |
| 2023-05-08 | CVE-2023-30185 | critical | ⚡RCE | 50 | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. |
| 2020-10-23 | CVE-2020-25466 | critical | ⚡RCE | 50 | A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. |
| 2020-10-23 | CVE-2020-25466 | critical | ⚡RCE | 50 | A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. |
“A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.”
“CISA Known Exploited Vulnerabilities (KEV) is an initiative that identifies and publishes a list of known exploited vulnerabilities.”
“Because each KEV entry carries direct evidence of active exploitation, the catalog is one of the highest-signal inputs for risk-based patch management.”