CVE-2024-52726

HIGH

crmeb 5.4.0 - Arbitrary File Read via save_basics Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-52726. PoCs published by iSee857.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2024-52726, targeting CRMEB with an arbitrary file read vulnerability. The script demonstrates the vulnerability by sending crafted requests to read files from the target system.

Description

CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information

Exploits (1)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/CRMEB_CVE-2024-52726_ReadAnyFile.py

View Code ZIP pw:eip

The repository contains a functional exploit PoC for CVE-2024-52726, targeting CRMEB with an arbitrary file read vulnerability. The script demonstrates the vulnerability by sending crafted requests to read files from the target system.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: CRMEB

No auth needed

Prerequisites: network access to the target · CRMEB instance with the vulnerability

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/sec-Kode/bb71138619b22de28c6b0ba986ad58e5

Broken Link

https://github.com/sec-Kode/cve3/blob/main/cve3.md

Scores

CVSS v3 7.5

EPSS 0.0160

EPSS Percentile 72.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-125

Status published

Products (1)

crmeb/crmeb 5.4.0

Published Nov 22, 2024

Tracked Since Feb 18, 2026