| Title | Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection |
|---|
| Description | A high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database.
Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data. |
|---|
| Source | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh |
|---|
| User | bigbrother_man (UID 96003) |
|---|
| Submission | 04/29/2026 03:02 (2 months ago) |
|---|
| Moderation | 05/26/2026 08:40 (27 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno sql injection] |
|---|
| Points | 20 |
|---|