Submit #721915: crmeb v5.6.1 SQL Injectioninfo

Titlecrmeb v5.6.1 SQL Injection
DescriptionCRMEB versions prior to v5.6.1 are affected by a SQL injection vulnerability located in the /adminapi/export/product_list endpoint. This flaw allows authenticated attackers with backend access to execute arbitrary SQL queries by manipulating input parameters, potentially leading to data leakage, privilege escalation, or full database compromise.
Source⚠️ https://github.com/En0t5/vul/blob/main/crmeb/crmeb-export-product_list-SQL.md
User
 Tophant (UID 80370)
Submission12/23/2025 11:29 (6 months ago)
Moderation01/03/2026 19:42 (11 days later)
StatusAccepted
VulDB entry339464 [CRMEB up to 5.6.1 product_list cate_id sql injection]
Points19

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!