Submit #815425: Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injectioninfo

TitleShenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection
DescriptionA high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database. Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data.
Source⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh
User
 bigbrother_man (UID 96003)
Submission04/29/2026 03:02 (2 months ago)
Moderation05/26/2026 08:40 (27 days later)
StatusAccepted
VulDB entry365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno sql injection]
Points20

Do you know our Splunk app?

Download it now for free!