CNNVD-202601-794 Information

CNNVD ID

CNNVD-202601-794

Related CVE

CVE-2025-15443

• CNNVD Published: 2026-01-04

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.1及之前版本存在SQL注入漏洞，该漏洞源于文件/adminapi/product/product_export中参数cate_id的错误操作，可能导致SQL注入攻击。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.1 and previous versions had an injection loophole in SQL, which stemmed from the error of the parameter Cate id in the document/adminapi/project/product export, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

CRMEB

Published

2026-01-04

Last Modified

2026-02-24

References

https://vuldb.com/?id.339465 https://vuldb.com/?submit.721916 https://vuldb.com/?ctiid.339465 https://github.com/En0t5/vul/blob/main/crmeb/crmeb-product-productExport-SQL.md https://github.com/En0t5/vul/blob/main/crmeb/crmeb-product-productExport-SQL.md#poc https://access.redhat.com/security/cve/cve-2025-15443