| शीर्षक | Shanghai Lingdang Information Technology Lingdang CRM ≤V8.6.4.3 SQL Injection |
|---|
| विवरण | There is an SQL injection vulnerability in the system interface tabdetail_moduleSave.php. In the JSON request received by the interface, the getvaluestring field is not effectively parameterized and is directly concatenated into the SQL query statement. Attackers can launch time blind injection attacks by constructing statements such as SELECT IF (1=1, SLEEP (10), 0) to detect database structure and obtain sensitive information. The vulnerability is due to the lack of pre compiled statements and input validation. It is recommended to fix it as soon as possible. |
|---|
| स्रोत | ⚠️ https://www.notion.so/SQL2-2459bb66b0a5802ba8e9ca5bc775fc7d?source=copy_link |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 04/08/2025 08:42 AM (9 महीनों पहले) |
|---|
| संयम | 19/08/2025 07:44 AM (15 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 320520 [Shanghai Lingdang Information Technology Lingdang CRM तक 8.6.4.7 tabdetail_moduleSave.php getvaluestring SQL इंजेक्शन] |
|---|
| अंक | 17 |
|---|