| tiêu đề | Shenzhen Sixun Software Co., Ltd. Sixun Shangqi 10 Business Management System Sixun Shangqi 10 SQL Injection |
|---|
| Mô tả | A high-risk unauthenticated SQL Jection vulnerability exists in the /api/Dinner/PayConfig endpoint of Sixun Shangqi 10 Business Management System. The application fails to properly sanitize or validate the tableno parameter. An unauthenticated remote attacker can send a specially crafted request containing SQL payloads, which are executed by the backend database.
Successful exploitation allows the attacker to perform time-based blind SQL injection, infer database information, and potentially access or modify sensitive business data. |
|---|
| Nguồn | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/A9WcwRkFsijnyIkf6vlcx13znoh |
|---|
| Người dùng | bigbrother_man (UID 96003) |
|---|
| Đệ trình | 29/04/2026 03:02 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 26/05/2026 08:40 (27 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 365608 [Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno Tiêm SQL] |
|---|
| điểm | 20 |
|---|