Submeter #687606: WeiYe-Jing DataX-Web <= 2.1.2 SQL Injectioninformação

TítuloWeiYe-Jing DataX-Web <= 2.1.2 SQL Injection
DescriçãoDataX-Web is a distributed data synchronization tool with web-based management. The application supports incremental data synchronization based on ID or timestamp. When using ID-based incremental sync, the system needs to query the maximum ID value from the source table. However, the table name and primary key column name are taken directly from user input without proper validation, leading to SQL injection.
Fonte⚠️ https://github.com/Xzzz111/exps/blob/main/archives/datax-web-sql-injection-1/report.md
Utilizador sh7err (UID 91441)
Submissão02/11/2025 16h50 (há 6 meses)
Moderação15/11/2025 16h11 (13 days later)
EstadoAceite
Entrada VulDB332585 [WeiYe-Jing datax-web até 2.1.2 Injeção SQL]
Pontos19

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!