A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cate_id results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond.
CVE-2025-11288
🟡 Medium
CVE-2025-11288: Security flaw in CRMEB (versions up to 5.6)
A security flaw in CRMEB up to version 5.6 can lead to SQL injection via the file /adminapi/product/product. Remote exploitation is feasible.
CVE ID
CVE-2025-11288
CVSS Score
6.3
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11288
- Severity
- Medium
- CVSS v3 Score
- 6.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners