CVE-2026-4910 | Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44 Endpoint /RemoteFormat.do State sql injection

Inserito da Angelo Barbosa | Mar 26, 2026 | CVE

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. It has been declared as critical. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection.

This vulnerability is referenced as CVE-2026-4910. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4910 | Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44 Endpoint /RemoteFormat.do State sql injection

Post correlati

CVE-2025-12539 | TNC Toolbox Plugin up to 1.4.2 on WordPress cPanel API save_settings information disclosure

CVE-2025-7486 | Ebook Store Plugin up to 5.8012 on WordPress Order Details cross site scripting

CVE-2023-48768 | CodeAstrology Button for WooCommerce Plugin up to 1.1.9 on WordPress wqpmb_form_submit cross-site request forgery

CVE-2024-10548 | wedevs WP Project Manager Plugin up to 2.6.15 on WordPress Project Task List task-lists information disclosure