CVE-2020-21394

HIGH

CRMEB V2.60 and V3.1 - SQL Injection via SystemDatabackup.php tablename Parameter

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0116
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
crmeb/crmeb 2.60
crmeb/crmeb 3.1
Published Jun 29, 2021
Tracked Since Feb 18, 2026