| Title | sql injection exists in crmeb_java CMS |
|---|
| Description | There is an SQL injection vulnerability in the crmeb_java system (/api/admin/system/store/order/list) interface.
/api/admin/system/store/order/list 接口存在SQL注入
其中keywords参数存在sql注入的问题。
There is a SQL injection vulnerability with the keywords parameter.
keywords字符串拼接导致存在SQL注入
There is an SQL injection vulnerability due to the string concatenation of the keywords. |
|---|
| Source | ⚠️ https://github.com/crmeb/crmeb_java/issues/10 |
|---|
| User | ha1yu (UID 41794) |
|---|
| Submission | 02/25/2023 10:14 (3 years ago) |
|---|
| Moderation | 03/03/2023 08:00 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222261 [Zhong Bang CRMEB Java 1.3.4 list keywords sql injection] |
|---|
| Points | 20 |
|---|