exploitDog

CVE-2024-25469

Опубликовано: 23 фев. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.

Ссылки

https://github.com/crmeb/crmeb_java/
Product
https://github.com/crmeb/crmeb_java/issues/20
Exploit
Issue Tracking
Third Party Advisory
https://github.com/crmeb/crmeb_java/
Product
https://github.com/crmeb/crmeb_java/issues/20
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:crmeb:crmeb_java:1.3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-5g9g-vh54-q73c

CVSS3: 7.5

github

почти 2 года назад

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.

EPSS

Процентиль: 14%

0.00045

Низкий

7.5 High

CVSS3

Дефекты

CWE-89