| Titel | Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection |
|---|
| Beschreibung | A high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database.
Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data. |
|---|
| Quelle | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh |
|---|
| Benutzer | bigbrother_man (UID 96003) |
|---|
| Einreichung | 29.04.2026 03:02 (vor 1 Monat) |
|---|
| Moderieren | 26.05.2026 08:40 (27 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno SQL Injection] |
|---|
| Punkte | 20 |
|---|