25 matches found
CVE-2024-24110
CVE-2024-24110 affects crmeb_java prior to v1.3.4. Affected component is the GET endpoint /api/front/spread/people, where an attacker can trigger an SQL injection to run arbitrary SQL commands. The issue is documented across multiple sources (NVD/Red Hat/OSV) with the same description. Impact is ...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
CVE-2024-25469
SQL Injection vulnerability in CRMEB crmebjava v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...
CVE-2024-25469
SQL Injection vulnerability in CRMEB crmebjava v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...
CVE-2024-25469
CVE-2024-25469 affects CRMEB crmeb_java prior to and including v1.3.4. The vulnerability is a SQL Injection in the api/front/store/list component, exploitable via the latitude and longitude parameters. Impact per sources: potential exposure of sensitive information. Exploitation details are not d...