SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
View the template here CVE-2024-36837.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-36837