| عنوان | Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection |
|---|
| الوصف | A high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database.
Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data. |
|---|
| المصدر | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh |
|---|
| المستخدم | bigbrother_man (UID 96003) |
|---|
| ارسال | 29/04/2026 03:02 AM (1 شهر منذ) |
|---|
| الاعتدال | 26/05/2026 08:40 AM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno حقن SQL] |
|---|
| النقاط | 20 |
|---|