CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
{ "versions": [ { "introduced": "4.4.0" }, { "last_affected": "4.6.0" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30185.json"