| tiêu đề | risesoft-y9 Digital-Infrastructure <=9.6.7 SQL Injection |
|---|
| Mô tả | In the latest version (<=9.6.7), a parameter passed to the endpoint /server-platform/services/rest/auth/authenticate3 are user-controllable and not sanitized, and no prepared statements are used when executing the final SQL query, resulting in a SQL injection vulnerability. Attackers can exploit this vulnerability to obtain sensitive data from the database and even gain complete control of the server.
the vulnerability is also affecting to the endpoints (same sink):
/server-platform/services/rest/auth/authenticate5
/server-platform/services/rest/v1/auth/authenticate3 |
|---|
| Nguồn | ⚠️ https://github.com/risesoft-y9/Digital-Infrastructure/issues/2 |
|---|
| Người dùng | ZAST.AI (UID 87884) |
|---|
| Đệ trình | 03/01/2026 10:05 (cách đây 5 các tháng) |
|---|
| Kiểm duyệt | 16/01/2026 17:43 (13 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 341603 [risesoft-y9 Digital-Infrastructure đến 9.6.7 REST Authenticate Endpoint Y9PlatformUtil.java Tiêm SQL] |
|---|
| điểm | 20 |
|---|