CVE-2026-9544 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno sql injection

A vulnerability marked as critical has been reported in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection.

This vulnerability is reported as CVE-2026-9544. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9544 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10 /api/Dinner/PayConfig tableno sql injection

Post correlati

CVE-2024-3242 | Brizy Plugin up to 2.4.44 on WordPress unrestricted upload

CVE-2025-65796 | usememos 0.25.2 Reaction access control

CVE-2025-11607 | harry0703 MoneyPrinterTurbo up to 1.2.6 API Endpoint music.py upload_music File path traversal

CVE-2024-1730 | bdthemes Prime Slider Plugin up to 3.14.0 on WordPress link cross site scripting