3 matches found
Exploit for SQL Injection in Crmeb
README.md CVE-2024-36837 Disclaimer Zhilianyunca...
Exploit for SQL Injection in Crmeb
CVE-2024-36837 / CNVD-2024-30128 POC write URL in url.txt and...
CVE-2024-36837
CRMEB v5.2.2 is affected by a SQL Injection in the getProductList function of ProductController.php. The issue arises from unvalidated input in the selectId/parameters, enabling an attacker to craft queries that may reveal sensitive data. Public templates and PoCs exist (e.g., CRMEB 5.2.2 SQL Inj...