Soumettre #815425: Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injectioninformation

TitreShenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection
DescriptionA high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database. Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data.
La source⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh
Utilisateur
 bigbrother_man (UID 96003)
Soumission29/04/2026 03:02 (il y a 1 mois)
Modérer26/05/2026 08:40 (27 days later)
StatutAccepté
Entrée VulDB365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno injection SQL]
Points20

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!