Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

CRMEB SQL Injection (CVE-2024-36837)

Description

CRMEB has an SQL Injection vulnerability that allows unauthenticated attackers to gain access to sensitive data and compromise the system.

Remediation

Upgrade to the latest version of CRMEB

References

Related Vulnerabilities

MySQL CVE-2019-2536 Vulnerability (CVE-2019-2536)

MySQL CVE-2018-2696 Vulnerability (CVE-2018-2696)

MySQL CVE-2016-5609 Vulnerability (CVE-2016-5609)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23129)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6113)

Severity

High

Classification

CVE-2024-36837 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection Known Vulnerabilities