|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-05-20 | |
| Rule Name: | CRMEB SQL Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | CRMEB open source mall system is an open source commercial system. CRMEB open source SQL injection vulnerabilities existing unauthorized electricity system, an attacker can pass/API/admin/system/store/order/list for SQL injection attacks, the vulnerability is due to the system for user input for effective filtering, cobble together directly into the SQL query, This leads to an SQL injection vulnerability. | |
| Impact: | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |