CVE-2025-15443 CRMEB product_export sql injection

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/productexport. Such manipulation of the argument cateid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. T...

PT-2026-1189

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.2 Description A flaw exists in CRMEB that could allow for remote code execution. The issue stems from improper handling of the cate id argument when processing files through the /adminapi/product/product export API...