PT-2025-40801 · Crmeb · Crmeb
Blackspdier
+1
·
Published
2025-10-05
·
Updated
2026-02-24
·
CVE-2025-11288
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CRMEB versions prior to 5.7
Description
A security flaw exists in CRMEB that allows for SQL injection. The issue is related to the processing of the
cate id argument within the GET Parameter Handler component, specifically in the file '/adminapi/product/product'. Remote exploitation is possible through manipulation of this parameter. The exploit has been publicly released. The vendor was notified but did not respond.Recommendations
Update CRMEB to version 5.7 or later.
Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Crmeb