Submission #829415: DedeCMS DedeCMS Content Management System V5.7.88 SQL Injection Info

Title: DedeCMS DedeCMS Content Management System V5.7.88 SQL Injection
Description: A Medium-severity SQL Injection vulnerability exists in the carbuyaction.php component of DedeCMS, affecting versions: V5.7.88. The vulnerability is located in the shopping cart checkout function, where user-controlled shipping information parameters (postname, address, email, des) are only processed by the RemoveXSS() and cn_substrR() functions. The RemoveXSS() function (located in include/helpers/filter.helper.php line 69) is designed to filter XSS attack vectors (e.g., control characters) and does not escape SQL special characters. These unescaped parameters are directly concatenated into INSERT SQL statements for the #@__shops_userinfo table at lines 190-192. Additionally, the $val['title'] (product title) parameter in the INSERT statement for the #@__shops_products table (lines 187-188) is also not subject to SQL escaping.

Example payloads (POST request, any of the following parameters):

1. Using the postname parameter: POST /plus/carbuyaction.php, Parameter: postname=test' UNION SELECT 1,2,admin,pwd FROM dede_admin-- -
2. Using the des parameter: POST /plus/carbuyaction.php, Parameter: des=test' UNION SELECT 1,2,admin,pwd FROM dede_admin-- -

Successful exploitation allows unauthenticated remote attackers to execute arbitrary SQL queries, extract sensitive data (including administrator credentials), and manipulate database records related to orders, user information, and products. This vulnerability is fully exploitable as the application fails to implement proper SQL escaping for user-controlled input in the checkout process.

Vulnerability code location: carbuyaction.php lines 178-193, where user-controlled parameters are directly concatenated into INSERT SQL queries without proper SQL protection.
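A defensive illustration of the pattern the description names, added here as an example and not taken from DedeCMS: a checkout-style INSERT built by string concatenation after an XSS-only filter, beside the same insert written as a parameterized mysqli statement. The table name dede_shops_userinfo, the remove_xss_stub() helper, the column list and the length limit are assumptions standing in for the project's own #@__shops_userinfo handling and its RemoveXSS()/cn_substrR() calls.

```php
<?php
// Added example, not DedeCMS code. Assumptions: a mysqli connection, a table
// dede_shops_userinfo with columns (postname, address, email, des), and a stand-in
// XSS filter that, like the one described in the report, does not escape SQL.
declare(strict_types=1);

// Stand-in for an XSS filter: strips control characters and angle brackets only.
// Quotes, comment sequences and SQL keywords pass through untouched.
function remove_xss_stub(string $s): string
{
    $s = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $s) ?? '';
    return str_replace(['<', '>'], '', $s);
}

// Vulnerable shape: XSS filter, then string concatenation into the INSERT.
// A single quote in any field closes the literal and the remainder becomes SQL,
// whether it arrives by accident (O'Brien) or by design.
function build_insert_unsafe(array $post): string
{
    $postname = remove_xss_stub((string)($post['postname'] ?? ''));
    $address  = remove_xss_stub((string)($post['address'] ?? ''));
    $email    = remove_xss_stub((string)($post['email'] ?? ''));
    $des      = remove_xss_stub((string)($post['des'] ?? ''));
    return "INSERT INTO dede_shops_userinfo (postname, address, email, des) "
         . "VALUES ('$postname', '$address', '$email', '$des')";
}

// Hardened shape: a prepared statement. The values travel separately from the
// SQL text, so nothing in the input can change the statement's structure.
// Input validation stays in place on top of that; it is not a substitute.
function insert_shipping_info(mysqli $db, array $post): bool
{
    $fields = ['postname', 'address', 'email', 'des'];
    $values = [];
    foreach ($fields as $f) {
        $v = trim((string)($post[$f] ?? ''));
        // Assumed length limit; a truncating helper such as cn_substrR() only shortens input.
        if (mb_strlen($v) > 200) {
            throw new InvalidArgumentException("$f exceeds 200 characters");
        }
        $values[] = $v;
    }
    if ($values[2] !== '' && filter_var($values[2], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email has an invalid format');
    }

    $stmt = $db->prepare(
        'INSERT INTO dede_shops_userinfo (postname, address, email, des) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ssss', $values[0], $values[1], $values[2], $values[3]);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed input: a legitimate name containing an apostrophe is enough to show
// that the XSS filter leaves the quote in place and the concatenated SQL breaks.
$sample = ['postname' => "O'Brien", 'address' => '1 Main St', 'email' => 'a@example.com', 'des' => ''];
echo build_insert_unsafe($sample), PHP_EOL;

// Usage against a live database (placeholder credentials, assumed):
// $db = new mysqli('localhost', 'dbuser', 'dbpass', 'dedecms');
// insert_shipping_info($db, $_POST);
```

Printing the concatenated statement for the constructed sample makes the defect visible without any database: the apostrophe in the name ends the string literal early. The hardened function never builds SQL text from request data, so the same input is stored as an ordinary four-character value, and the format and length checks catch malformed submissions before they reach the database.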
User: R21Z20 (UID 97129)
Submitted: 2026-05-14 07:25 (24 days ago)
Moderation: 2026-06-02 13:30 (19 days later)
Status: Accepted
VulDB Entry: 367915 [DedeCMS 5.7.88 /plus/carbuyaction.php RemoveXSS postname/des SQL Injection]
Points: 17
