Enviar #687606: WeiYe-Jing DataX-Web <= 2.1.2 SQL Injectioninformación

TítuloWeiYe-Jing DataX-Web <= 2.1.2 SQL Injection
DescripciónDataX-Web is a distributed data synchronization tool with web-based management. The application supports incremental data synchronization based on ID or timestamp. When using ID-based incremental sync, the system needs to query the maximum ID value from the source table. However, the table name and primary key column name are taken directly from user input without proper validation, leading to SQL injection.
Fuente⚠️ https://github.com/Xzzz111/exps/blob/main/archives/datax-web-sql-injection-1/report.md
Usuario sh7err (UID 91441)
Sumisión2025-11-02 16:50 (hace 6 meses)
Moderación2025-11-15 16:11 (13 days later)
EstadoAceptado
Entrada de VulDB332585 [WeiYe-Jing datax-web hasta 2.1.2 inyección SQL]
Puntos19

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!