CVE-2025-15442

Name of the Vulnerable Software and Affected Versions CRMEB versions up to 5.6.1

Description A flaw exists in CRMEB that could allow for remote code execution. The issue stems from a SQL injection vulnerability within the /adminapi/export/product list file. Specifically, manipulating the cate id argument can trigger the injection. The vulnerability has been publicly disclosed.

Recommendations Update to a version beyond 5.6.1.