CVE-2025-15443

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVE-2025-15443

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVE-2025-15443 CRMEB product_export sql injection

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVE-2025-15443 CRMEB product_export sql injection

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVE-2025-15443

CRMEB up to 5.6.1 contains a SQL injection in the adminapi/product/product_export endpoint via manipulated cate_id during request processing. The issue is remotely exploitable with a publicly available exploit; affected versions are 5.6.1 and earlier. Remediation per PT security notes is to upgra...

EUVD-2026-0778

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

CVE-2025-15442

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

PT-2026-1189

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.2 Description A flaw exists in CRMEB that could allow for remote code execution. The issue stems from improper handling of the cate id argument when processing files through the /adminapi/product/product export API...

Products & Order Export for WooCommerce < 2.0.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to missing capability checks on the algwcexportadminproductpreview and algwcexportadminproductchangedatefilter functions in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with...