COOEY // HUBcompliance · community · intelligence

FAIL › dossier

crmeb vendor

2
failure events
0
zero-days
2
RCEs
0
on KEV
2
critical
50
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 4 events

DateEventSevFlagsShameSummary
2023-05-08 CVE-2023-30185 critical ⚡RCE 50 CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
2023-05-08 CVE-2023-30185 critical ⚡RCE 50 CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
2020-10-23 CVE-2020-25466 critical ⚡RCE 50 A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
2020-10-23 CVE-2020-25466 critical ⚡RCE 50 A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Sentiment · trusted sources