CVE-2025-15443

CRMEB up to 5.6.1 contains a SQL injection in the adminapi/product/product_export endpoint via manipulated cate_id during request processing. The issue is remotely exploitable with a publicly available exploit; affected versions are 5.6.1 and earlier. Remediation per PT security notes is to upgra...