diff --git a/seaflysoft_ERP_getylist_login.do_SQL_Injection.md b/seaflysoft_ERP_getylist_login.do_SQL_Injection.md
new file mode 100644
index 0000000..825cfac
--- /dev/null
+++ b/seaflysoft_ERP_getylist_login.do_SQL_Injection.md
@@ -0,0 +1,12 @@
+## seaflysoft ERP getylist_login.do SQL Injection
+
+|   **Vulnerability**  | **seaflysoft ERP getylist_login.do SQL Injection**  |
+| :----:   | :-----|
+|  **Chinese name**  | 海翔云平台 getylist_login.do SQL 注入漏洞 |
+| **CVSS core**  | 8.0 |
+| **FOFA Query**  (click to view the results directly)| [body=\"checkMacWaitingSecond\"](https://en.fofa.info/result?qbase64=Ym9keT0iY2hlY2tNYWNXYWl0aW5nU2Vjb25kIg%3D%3D) |
+| **Number of assets affected**  | 773 |
+| **Description**  | seaflysoft cloud platform one-stop overall solution provider, business covers wholesale, chain, retail industry ERP solutions, wms warehousing solutions, e-commerce, field work, mobile terminal (PDA, APP, small program) solutions. There is a SQL injection vulnerability in the system getylist_login.do, through which an attacker can obtain database permissions |
+| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |
+
+![](https://s3.bmp.ovh/imgs/2023/05/12/416d432cd922426c.gif)