VYPR
Unrated severityNVD Advisory· Published Jun 5, 2024· Updated Aug 2, 2024

CVE-2024-36837

CVE-2024-36837

Description

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.

Affected products

2
  • Crmeb/Crmebcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 5.2.2

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.