CNNVD-202510-739 Information

CNNVD ID

CNNVD-202510-739

Related CVE

CVE-2025-11288

• CNNVD Published: 2025-10-05

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6及之前版本存在安全漏洞，该漏洞源于对文件/adminapi/product/product中参数cate_id的错误操作，可能导致SQL注入攻击。

Description (English)

CRMEB is a Java mall system open to CRMEB. There is a security loophole in CRMEB 5.6 and earlier versions, which stems from a mishandling of the parameter Kate id in the document/adminapi/project/project, which could lead to an SQL injection attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

CRMEB

Published

2025-10-05

Last Modified

2026-02-24

References

https://vuldb.com/?id.327046 https://vuldb.com/?submit.659736 https://vuldb.com/?ctiid.327046 https://github.com/coolcj-stack/CRMEB-V5.6-SQL-Injection/blob/main/README.md