CVE-2025-15442 | CRMEB up to 5.6.1 product_list cate_id sql injection

Inserito da Angelo Barbosa | Gen 3, 2026 | CVE

A vulnerability was found in CRMEB up to 5.6.1. It has been classified as critical. This vulnerability affects unknown code of the file /adminapi/export/product_list. This manipulation of the argument cate_id causes sql injection.

This vulnerability appears as CVE-2025-15442. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15442 | CRMEB up to 5.6.1 product_list cate_id sql injection

Post correlati

CVE-2024-41857 | Adobe Illustrator up to 27.9.5/28.6 integer underflow (apsb24-66)

CVE-2024-8784 | QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] sql injection

CVE-2023-49653 | Jira Plugin up to 3.11 on Jenkins Credentials Lookup permission

CVE-2024-21093 | Oracle Database Enterprise Edition up to 19.22/21.13 Java VM information disclosure