PT-2026-1189 · Crmeb · Crmeb
Tophant
·
Publicado
2026-01-04
·
Atualizado
2026-01-04
·
CVE-2025-15443
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CRMEB versions prior to 5.6.2
Description
A flaw exists in CRMEB that could allow for remote code execution. The issue stems from improper handling of the
cate id argument when processing files through the /adminapi/product/product export API endpoint. This can lead to a SQL injection attack. The exploit is publicly available.Recommendations
Update CRMEB to version 5.6.2 or later.
Exploit
Correção
SQL injection
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Crmeb