There is a sql injection vulnerability in the crmeb_java system /api/front/store/list

[Suggested description]
There is a SQL Injection vulnerability in crmeb_java <=1.3.4, caused by the param sortKey which is in ${} format and isn't strictly filtered.

[Vulnerability Type]
SQLi

[Vendor of Product]
https://github.com/crmeb/crmeb_java

[Affected Product Code Base]
<=1.3.4

[Affected Component]
/api/front/store/list

[Attack Type]
Remote

[Vulnerability details]
![image](https://github.com/crmeb/crmeb_java/assets/39017274/d067419d-e538-47b3-b1e1-6b2675ea00a9)

![image](https://github.com/crmeb/crmeb_java/assets/39017274/c286f4af-7b11-4eae-ba06-0c52b9871881)
[Impact Code execution]
true
[Cause of vulnerability]
The interface `/api/front/store/list` call the function `getNearList`
![image](https://github.com/crmeb/crmeb_java/assets/39017274/8a359c83-c175-4dfd-9693-1897329dc397)
function `getNearList` will be called when inputing both `latitude` and `longitude` parameters. 
![image](https://github.com/crmeb/crmeb_java/assets/39017274/7d258ab8-3e14-4411-93a8-1572f1796ab5)
The `latitude` and `longitude` parameters are used in ${} format and it will be joined to the sql string directly.
![image](https://github.com/crmeb/crmeb_java/assets/39017274/f4d79545-88d1-45f4-bac8-8dc7614bd702)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is a sql injection vulnerability in the crmeb_java system /api/front/store/list #20

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

There is a sql injection vulnerability in the crmeb_java system /api/front/store/list #20

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions