| Title | Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection |
|---|
| Description | A high-risk unauthenticated SQL injection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database.
Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data. |
|---|
| Source | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh |
|---|
| User | bigbrother_man (UID 96003) |
|---|
| Submission | 29/04/2026 03:02 AM (1 month ago) |
|---|
| Moderation | 26/05/2026 08:40 AM (27 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno SQL injection] |
|---|
| Points | 20 |
|---|