| tiêu đề | Tiandy Technologies Co., Ltd. Integrated Management Platform 7.17.0 SQL Injection |
|---|
| Mô tả | The system is vulnerable to an Unauthenticated SQL Injection within the getAuthorityByUserId authorization endpoint. An attacker can inject malicious SQL commands via the userId parameters without any prior login. It has been verified that this flaw allows the extraction of database user information (e.g., current_user). Given that this vulnerability exists within a core authorization module, it could be further exploited to bypass access control mechanisms and retrieve administrative credentials. This unauthorized access to sensitive data poses a severe threat to the system's confidentiality and integrity. |
|---|
| Nguồn | ⚠️ https://my.feishu.cn/docx/UxbzdoU7coxKGjxbJ7ycPor3n3Q?from=from_copylink |
|---|
| Người dùng | 0menc (UID 75423) |
|---|
| Đệ trình | 04/03/2026 08:51 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 15/03/2026 19:46 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 351155 [Tiandy Integrated Management Platform 7.17.0 getAuthorityByUserId userId Tiêm SQL] |
|---|
| điểm | 20 |
|---|