CNNVD-202601-803 Information

CNNVD ID

CNNVD-202601-803

Related CVE

CVE-2025-15442

• CNNVD Published: 2026-01-04

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.1及之前版本存在SQL注入漏洞，该漏洞源于文件/adminapi/export/product_list中参数cate_id的错误操作，可能导致SQL注入攻击。

Description (English)

CRMEB is a Java mall system open to CRMEB. CRMEB 5.6.1 and previous versions have a SQL injection loophole, which stems from the erroneous operation of the parameter Cate id in the document/adminapi/export/project list, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

CRMEB

Published

2026-01-04

Last Modified

2026-02-24

References

https://vuldb.com/?submit.721915 https://vuldb.com/?id.339464 https://vuldb.com/?ctiid.339464 https://github.com/En0t5/vul/blob/main/crmeb/crmeb-export-product_list-SQL.md https://github.com/En0t5/vul/blob/main/crmeb/crmeb-export-product_list-SQL.md#poc https://access.redhat.com/security/cve/cve-2025-15442