CNNVD-202601-2865 Information

CNNVD ID

CNNVD-202601-2865

Related CVE

CVE-2021-47811

• CNNVD Published: 2026-01-16

Description (Chinese)

Grocery Crud是Grocery Crud开源的一个软件开发工具。 Grocery Crud 1.6.4版本存在安全漏洞，该漏洞源于order_by参数存在SQL注入，可能导致操纵数据库查询。

Description (English)

Grocery Krud is a software development tool for the Grocery Cruise Open Source. There is a security loophole in version 1.6.4 of Grocery Crud, which originates from the SQL injection of the order by parameter, which could lead to manipulation of the database query.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Grocery Crud

Published

2026-01-16

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/49985 https://www.grocerycrud.com/ https://www.grocerycrud.com/downloads https://www.vulncheck.com/advisories/grocery-crud-orderby-sql-injection

Patch

https://www.grocerycrud.com/docs/download