CNNVD-202601-4932 Information
CNNVD ID
CNNVD-202601-4932
Related CVE
- CNNVD Published: 2026-01-29
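Description (translated from Chinese)
CodexCube Ultimate Project Manager CRM PRO is an end-to-end business management platform from CodexCube. CodexCube Ultimate Project Manager CRM PRO version 2.0.5 contains a SQL injection vulnerability. The vulnerability stems from a blind SQL injection in the /frontend/get_article_suggestion/ endpoint and may lead to the extraction of user credentials.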
Description (English)
CodexCube Ultimate Project Manager CRM PRO is a full-process business management platform from CodexCube. CodexCube Ultimate Project Manager CRM PRO 2.0.5 has a SQL injection vulnerability, which stems from a blind SQL injection at the /frontend/get_article_suggestion/ endpoint and may lead to the extraction of user credentials.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
CodexCube
Published
2026-01-29
Last Modified
2026-02-24
References
https://ultimatepro.codexcube.com/
https://www.exploit-db.com/exploits/48912
https://www.vulncheck.com/advisories/ultimate-project-manager-crm-pro-sqli-credentials-leakage