CVE-2026-7673 | crmeb_java up to 1.3.4 Admin Upload UploadServiceImpl.java model unrestricted upload

A vulnerability has been found in crmeb_java up to 1.3.4 and classified as critical. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted upload.

This vulnerability is known as CVE-2026-7673. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7673 | crmeb_java up to 1.3.4 Admin Upload UploadServiceImpl.java model unrestricted upload

Post correlati

CVE-2025-5871 | Papendorf SOL Connect Center 3.3.0.0 Web Interface missing authentication

CVE-2024-1415 | Responsive Contact Form Builder & Lead Generation Plugin cross-site request forgery

CVE-2024-12133 | GnuTLS libtasn1 up to 4.19.x Set Of Element denial of service

CVE-2026-2012 | itsourcecode Student Management System 1.0 index.php ID sql injection