Shenzhen Ruiming Technology Streamax Crocus MemoryState.do query sql injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11910

Source VulDB

Published Oct 17, 2025 at 19:32

Modified Oct 17, 2025 at 19:50

Affected Product

Vendor Shenzhen Ruiming Technology

Product Streamax Crocus

Version 1.3.40

Affected Versions Shenzhen Ruiming Technology Streamax Crocus 1.3.40

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-17T19:32:05.414Z",
    "modified": "2025-10-17T19:50:30.878Z",
    "type": "cve",
    "title": "Shenzhen Ruiming Technology Streamax Crocus MemoryState.do query sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.328920\nhttps://vuldb.com/?ctiid.328920\nhttps://vuldb.com/?submit.671437\nhttps://github.com/FightingLzn9/vul/blob/main/%E6%B7%B1%E5%9C%B3%E5%B8%82%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Crocus%E7%B3%BB%E7%BB%9F-3.md",
    "id": "CVE-2025-11910",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Ruiming Technology Streamax Crocus 1.3.40",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Streamax Crocus",
    "version": "1.3.40",
    "vendor": "Shenzhen Ruiming Technology",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Shenzhen Ruiming Technology Streamax Crocus MemoryState.do query sql injection_CVE-2025-11910