Description

CRMEB has an SQL Injection vulnerability that allows unauthenticated attackers to gain access to sensitive data and compromise the system.

Remediation

Upgrade to the latest version of CRMEB

References

CVE-2024-36837

Related Vulnerabilities

silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5088)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3169)

Jetty Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-5047)

WebLogic Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-8908)

Severity

High

Classification

CVE-2024-36837 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection Known Vulnerabilities