CVE-2024-36837
Closed this issue · 2 comments
phtcloud-dev commented
CVE-ID
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
Description
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
pk2993635720 commented
这是来自QQ邮箱的假期自动回复邮件。你好,我最近正在休假中,无法亲自回复你的邮件。我将在假期结束后,尽快给你回复。
sugar1569 commented
Thank you very much for your feedback!
…------------------ 原始邮件 ------------------
发件人: "crmeb/CRMEB" ***@***.***>;
发送时间: 2024年6月13日(星期四) 凌晨2:43
***@***.***>;
***@***.***>;
主题: [crmeb/CRMEB] CVE-2024-36837 (Issue #87)
CVE-ID
CVE-2024-36837
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
https://7nkdkj-my.sharepoint.com/:w:/g/personal/krypt0n_7nkdkj_onmicrosoft_com/Ea8dW8YuldRMqgCy7KHjnxABTJCVPLShHIJfqQk684mD3A?e=0qmN7t
Description
SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>