Exploit for CRMEB 5.2.2 - Unauthenticated SQL Injection (CVE-2024-36837)

Description:

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here: CVE-2024-36837.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-36837.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-36837
https://github.com/phtcloud-dev/CVE-2024-36837