CRMEB
cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*
Affected versions: < 5.6.1
A SQL injection vulnerability has been identified in CRMEB versions prior to 5.6.1. The issue resides in the product_export endpoint of the admin API, specifically in the cate_id parameter. It allows authenticated attackers with backend access to manipulate that input and execute arbitrary SQL queries. Exploitation could lead to unauthorized data access, privilege escalation, or a complete database compromise.
Successful exploitation lets an attacker execute arbitrary SQL commands against the database. This could result in unauthorized data access, data manipulation, or a complete compromise of the database.
To reproduce this vulnerability, log into the CRMEB backend and navigate to the product_export API endpoint. Replace the Authorization header with a valid token. Then, send a GET request with a crafted cate_id parameter that exploits the SQL injection vulnerability. This can be done by using a payload that manipulates the SQL query execution, such as one that leverages boolean-based SQL injection techniques.
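For defenders, the following added example (not part of the original advisory and not CRMEB code) scans web access logs for product_export requests whose cate_id is not a plain ID list. It assumes combined-format access logs and that a legitimate cate_id is a single integer or a comma-separated list of integers; the path prefix and all sample log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate cate_id is one category id or a comma-separated list of ids.
VALID_CATE_ID = re.compile(r"\d+(,\d+)*")
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines; "/admin-api-placeholder" stands in for the real admin API prefix.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:01:02 +0000] "GET /admin-api-placeholder/product_export?cate_id=12 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2025:10:01:09 +0000] "GET /admin-api-placeholder/product_export?cate_id=3%2C7%2C21 HTTP/1.1" 200 9911
203.0.113.44 - - [01/Jan/2025:10:04:30 +0000] "GET /admin-api-placeholder/product_export?cate_id=12%20AND%201%3D1 HTTP/1.1" 200 5120
203.0.113.44 - - [01/Jan/2025:10:04:31 +0000] "GET /admin-api-placeholder/product_export?cate_id=12%27 HTTP/1.1" 500 312
198.51.100.7 - - [01/Jan/2025:10:05:00 +0000] "GET /admin-api-placeholder/product_list?cate_id=abc HTTP/1.1" 200 204
"""


def suspicious_cate_id_requests(log_text):
    """Return (line_number, decoded cate_id) for every product_export request
    whose cate_id does not match the integer-list allow-list."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if "product_export" not in url.path:
            continue  # only the endpoint named in the advisory is in scope
        # parse_qs percent-decodes once, so the allow-list sees the value the
        # application would receive; a doubly encoded value still fails the check.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("cate_id", []):
            if value and not VALID_CATE_ID.fullmatch(value):
                findings.append((lineno, value))
    return findings


if __name__ == "__main__":
    for lineno, value in suspicious_cate_id_requests(SAMPLE_LOG):
        print(f"line {lineno}: unexpected cate_id {value!r}")
```

Because the check is an allow-list rather than a signature match, it flags any deviation from the expected format without needing to recognise a particular payload; the same rule can be enforced server-side or at a WAF until the upgrade to 5.6.1 is deployed.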