CVE-2025-25763 PoC — ZhongBangKeJi CRMEB SQL Injection Vulnerability

Associated Vulnerability
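Title: ZhongBangKeJi CRMEB SQL Injection Vulnerability (CVE-2025-25763)
Description: ZhongBangKeJi CRMEB is an open-source e-commerce management system from the Chinese company ZhongBangKeJi (众邦科技). ZhongBangKeJi CRMEB v5.4.0 and earlier contain a security vulnerability: the getRead function in /system/SystemDatabackupServices.php is vulnerable to SQL injection.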
Readme
[Description]
crmeb <= CRMEB-KY v5.4.0 has SQL injection at getRead() in file app/services/system/SystemDatabackupServices.php
[Vulnerability Type]
SQL Injection
[Vendor of Product]
https://www.crmeb.com/
[Affected Product Code Base]
crmeb - <= CRMEB-KY v5.4.0
[Affected Component]
crmeb <= CRMEB-KY v5.4.0 has SQL injection at getRead() in file app/services/system/SystemDatabackupServices.php
[Attack Type]
Remote
[Impact Code execution]
true
[Impact Information Disclosure]
true
[Discoverer]
J_0k3r
File Snapshot

[4.0K] /data/pocs/d31870ae0bec1685fe63deca93490f62c98bd4b2
├── [ 505] README.md
└── [1.7M] sql.pdf

0 directories, 2 files