21 matches found
CVE-2026-9544
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
CVE-2026-9544 Shenzhen Sixun Software Sixun Shanghui Group Business Management System PayConfig sql injection
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
CVE-2025-14697
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...
CVE-2025-14697 Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...
CVE-2025-14697 Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...
EUVD-2025-203321
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...
CVE-2025-14697
CVE-2025-14697 affects Shenzhen Sixun Software Sixun Shanghui Group Business Management System (v4.10.24.3). The vulnerability targets an accessible component under the file path /ExportFiles/ where manipulation can cause files or directories to be accessible. It is described as exploitable remot...
EUVD-2025-203322
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
CVE-2025-14696 Shenzhen Sixun Software Sixun Shanghui Group Business Management System UpdatePasswordBatch password recovery
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be...
VulnCheck KEV: CVE-2025-4281
A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack...
CVE-2025-4281
A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack...
CVE-2025-2114
CVE-2025-2114 affects Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7, specifically the Reset Password Interface component and its OperatorStop.asp handling. The root cause is improper authorization due to manipulation of the OperId parameter in that endpoint, which may ...
bumsys 跨站脚本漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. A cross-site scripting vulnerability exists in versions of bumsys prior to 2.2.0, which stems from a stored cross-site scripting XSS vulnerability...
bumsys 安全漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.2.0, which originates from an externally controlled file name or path...
bumsys 跨站请求伪造漏洞
bumsys is an open source project called Business Management System by the individual developers of unilogies. A cross-site request forgery vulnerability exists in versions of unilogies/bumsys prior to 2.1.1, which stems from the presence of cross-site request forgery...
bumsys 安全漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an api processing endpoint that is allowed to contain local files that can be used to cause remote code...
Firmanet Business Management System 跨站脚本漏洞
Firmanet Business Management System is a business management system from Firmanet Corporation. A security vulnerability exists in Firmanet Business Management System, which arises from improper neutralization of input during web page generation, allowing XSS Targeting of HTML attributes...
bumsys 跨站脚本漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. A cross-site scripting vulnerability exists in versions of bumsys prior to v2.0.1. Attackers use this vulnerability to execute cross-site scripting attacks...
bumsys 代码问题漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. A code issue vulnerability exists in versions prior to bumsys v1.0.3-beta, which stems from the fact that it allows an attacker to upload dangerous types of files without restriction...
SQL Injection Vulnerability in PCS Collection Operations Management System (CNVD-2021-43931)
Chengdu Qiangshi Technology Co., Ltd. is a high-tech enterprise integrating computer hardware and software development and sales. A SQL injection vulnerability exists in the PCS Collection Business Management System. An attacker can exploit the vulnerability to obtain sensitive information from t...