Tophant

#8312of 53,632
33Total CVSS
Vulnerabilities · 4
High
3
Critical
1
PT-2026-1188
7.2
2026-01-04
Crmeb · Crmeb · CVE-2025-15442
**Name of the Vulnerable Software and Affected Versions** CRMEB versions up to 5.6.1 **Description** A flaw exists in CRMEB that could allow for remote code execution. The issue stems from a SQL injection vulnerability within the `/adminapi/export/product list` file. Specifically, manipulating the `cate id` argument can trigger the injection. The vulnerability has been publicly disclosed. **Recommendations** Update to a version beyond 5.6.1.
PT-2026-1189
7.2
2026-01-04
Crmeb · Crmeb · CVE-2025-15443
**Name of the Vulnerable Software and Affected Versions** CRMEB versions prior to 5.6.2 **Description** A flaw exists in CRMEB that could allow for remote code execution. The issue stems from improper handling of the `cate id` argument when processing files through the `/adminapi/product/product export` API endpoint. This can lead to a SQL injection attack. The exploit is publicly available. **Recommendations** Update CRMEB to version 5.6.2 or later.
PT-2025-46977
8.8
2025-11-14
Zzcms · Zzcms · CVE-2025-13171
**Name of the Vulnerable Software and Affected Versions** ZZCMS version 2023 **Description** A flaw exists in ZZCMS 2023 that allows for SQL injection. This occurs through manipulation of the `keyword` argument in the file '/admin/wangkan list.php'. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-3958
9.8
2025-01-19
Zzcms · Zzcms · CVE-2025-0565
**Name of the Vulnerable Software and Affected Versions** ZZCMS version 2023 **Description** A critical issue has been found in the software, specifically a SQL injection flaw. This issue is related to the manipulation of the `id` argument in the "/index.php" file, allowing for remote attacks. The exploit for this issue has been publicly disclosed and is available for use. **Recommendations** As a temporary workaround, consider restricting access to the "/index.php" file until a patch is available. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.