Create SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md

add SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag

SQL_injection_exists_on_Lotus_ERP_DictionaryEdit.aspx_pag.md

@@ -0,0 +1,12 @@
+## SQL injection exists on Lotus ERP DictionaryEdit.aspx pag
+
+|   **Vulnerability**  | **SQL injection exists on Lotus ERP DictionaryEdit.aspx pag**  |
+| :----:   | :-----|
+|  **Chinese name**  | 商混ERP系统 DictionaryEdit.aspx 页面存在SQL注入 |
+| **CVSS core**  | 8.5 |
+| **FOFA Query**  (click to view the results directly)| [title="商混ERP系统"](https://en.fofa.info/result?qbase64=dGl0bGU9IuWVhua3t0VSUOezu%2Be7nyI%3D) |
+| **Number of assets affected**  | 616 |
+| **Description**  | Hangzhou Lotus Software Co., Ltd. developed the commercial ERP system. This system mainly deals with the management of the mixing station of the construction company or various projects, including the sales module, production management module, laboratory module, personnel management, etc. The company's commercial concrete ERP system/Sys/DictionaryEdit dict at aspx_ SQL error injection vulnerability exists in the key parameter, which allows attackers to obtain database permissions. |
+| **Impact** | In addition to taking advantage of SQL injection vulnerabilities to obtain information in the database (for example, administrator background password, site user personal information), attackers can even write Trojan horses to the server under high permissions to further obtain server system permissions. |
+
+![](https://s3.bmp.ovh/imgs/2023/05/12/7fe36b3b6ee2d967.gif)