SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
References
Link | Resource |
---|---|
https://github.com/phtcloud-dev/CVE-2024-36837 | Third Party Advisory |
Configurations
History
18 Jun 2024, 18:54
Type | Values Removed | Values Added |
---|---|---|
First Time |
Crmeb
Crmeb crmeb |
|
References | () https://github.com/phtcloud-dev/CVE-2024-36837 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-89 | |
CPE | cpe:2.3:a:crmeb:crmeb:5.2.2:*:*:*:*:*:*:* |
17 Jun 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Jun 2024, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Jun 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-05 15:15
Updated : 2024-07-03 02:03
NVD link : CVE-2024-36837
Mitre link : CVE-2024-36837
CVE.ORG link : CVE-2024-36837
JSON object : View
Products Affected
crmeb
- crmeb
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')