Submeter #815425: Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injectioninformação

TítuloShenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection
DescriçãoA high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database. Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data.
Fonte⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh
Utilizador
 bigbrother_man (UID 96003)
Submissão29/04/2026 03h02 (há 1 mês)
Moderação26/05/2026 08h40 (27 days later)
EstadoAceite
Entrada VulDB365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!