MEDIUM
Shenzhen Sixun Software
CVE published 2026-05-26
CVE-2026-9544
A SQL injection vulnerability exists in the Shenzhen Sixun Software Sixun Shanghui Group Business Management System version 10. The vulnerability is located in the `/api/Dinner/PayConfig` endpoint, where the `tableno` parameter is susceptible to injection attacks. The issue allows remote attackers to manipulate SQL queries through crafted input to this parameter. The vulnerability has been publicly disclo [truncated]